Stored XSS Vulnerability in ManageEngine Exchange Reporter Plus by Zohocorp
CVE-2026-28756
7.3HIGH
What is CVE-2026-28756?
ManageEngine Exchange Reporter Plus prior to version 5802 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability in the Permissions based on Distribution Groups report. This flaw could allow attackers to inject malicious scripts, potentially compromising user sessions and enabling unauthorized actions within the application. Organizations using affected versions are advised to upgrade to mitigate risks associated with this vulnerability.
Affected Version(s)
ManageEngine Exchange Reporter Plus 0 < 5802