Stored Cross-Site Scripting Vulnerability in ManageEngine Exchange Reporter Plus
CVE-2025-5343

6.3MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Exchange Reporter Plus
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-5343?

ManageEngine Exchange Reporter Plus versions up to 5721 are exposed to a stored cross-site scripting vulnerability via the Instant Search feature. This allows attackers to inject malicious scripts which could lead to unauthorized actions or data exposure, necessitating prompt attention to secure the affected applications.

Affected Version(s)

ManageEngine Exchange Reporter Plus 0 <= 5721

References

https://www.manageengine.com/products/exchange-reports/ad...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
May 30, 2025

JSON

Zohocorp

What is CVE-2025-5343?

Affected Version(s)

References

CVSS V3.1

Timeline