anonhaven
Ad

CVE-2026-28756

MEDIUM CVSS 3.1: 4.8 EPSS 0.02%
Updated Apr 03, 2026
Zohocorp
Parameter Value
CVSS 4.8 (MEDIUM)
Affected Versions before 5.8
Fixed In 5.8
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Zohocorp
Public PoC No

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Zohocorp Manageengine_Exchange_Reporter_Plus
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*
 5.8
Zohocorp Manageengine_Exchange_Reporter_Plus
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8:-:*:*:*:*:*:*
Zohocorp Manageengine_Exchange_Reporter_Plus
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8:5800:*:*:*:*:*:*
Zohocorp Manageengine_Exchange_Reporter_Plus
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8:5801:*:*:*:*:*:*

References 1

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-28756.…
0fc0942c-577d-436f-ae8e-945763c79b02
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27655

Zohocorp

4.8

CVE-2026-4108

Zohocorp

4.8

CVE-2026-4107

Zohocorp

5.4

CVE-2026-3880

Zohocorp

4.8

CVE-2026-3879

Zohocorp

4.8