Stored Cross-Site Scripting Vulnerability in Zohocorp ManageEngine Exchange Reporter Plus
CVE-2025-5347

6.3MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Exchange Reporter Plus
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-5347?

Zohocorp ManageEngine Exchange Reporter Plus versions prior to 5723 are exposed to a stored cross-site scripting vulnerability within the reports module. This security flaw allows attackers to inject malicious scripts that can run in the context of a user's browser, potentially leading to unauthorized access to sensitive information. Users of affected versions should consider immediate patching to mitigate exploitation risks.

Affected Version(s)

ManageEngine Exchange Reporter Plus 0 < 5723

References

https://www.manageengine.com/products/exchange-reports/ad...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
May 30, 2025

JSON