Vulnerability Details CVE-2026-4108
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.5%
CVSS Severity
CVSS v3 Score 7.3
Products affected by CVE-2026-4108
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:-
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.4
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.6
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.8