What the vulnerability does
01Description
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.
CVSS base score
7.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Key dates
02Disclosure timeline
April 3, 2026
CVE published
April 4, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-60179 WordPress Click & Tweet Plugin <= 0.8.9 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-54817
CVE-2024-51809 WordPress Keymaster Chord Notation Free plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2023-1316 Cross-site Scripting (XSS) - Stored in osticket/osticket
CVE-2025-23427 WordPress Redux Converter plugin <= 1.1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
