CVE-2025-5343

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 5.4

EPSS Низкий

Описание

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.

Ссылки

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5343.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*

Версия до 5.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5718:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5719:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5720:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5721:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00046

Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-wg3v-82fv-xf99

CVSS3: 6.3

github

3 месяца назад

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.

BDU:2025-16436

CVSS3: 6.3

fstec

8 месяцев назад

Уязвимость функции Instant Search модуля Content Search программного средства мониторинга, анализа и создания отчетов ManageEngine Exchange Reporter Plus , позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 14%

0.00046

Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79