CVE-2026-28756
highZohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report.
7.3
cvss
high
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss
0.0002
kev
no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1
Common Vulnerability Scoring System v3.1
7.3
/ 10
HIGH
exploitability
Attack Vector
Network
Attack Vector (AV:N): exploitable remotely over the network — most dangerous. no physical or adjacent access needed.
Attack Complexity
Low
Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.
Privileges Required
Low
Privileges Required (PR:L): requires basic user-level access.
User Interaction
Required
User Interaction (UI:R): victim must perform some action (e.g. clicking a link, opening a file).
impact
Scope
Unchanged
Scope (S:U): impact limited to the vulnerable component.
Confidentiality
High
Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.
Integrity
High
Integrity (I:H): complete data modification possible. attacker can modify any data.
Availability
None
Availability (A:N): no availability impact.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
activity density
rdintel assessment
composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.
sign in to view full intelligence
pocs, detection rules, timeline, advisories, and more