Sign in Get started

← All advisories

High severity7.3NVD Advisory· Published Apr 3, 2026· Updated Apr 3, 2026

CVE-2026-28754

CVE-2026-28754

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.

Affected products

4

Zohocorp/Manageengine Exchange Reporter Plus4 versions
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*range: <5.8
- cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8:-:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8:5800:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8:5801:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

www.manageengine.com/products/exchange-reports/advisory/CVE-2026-28754.htmlnvdVendor Advisory

News mentions

0

No linked articles in our index yet.