CVE-2026-3880

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.

PUBLISHED Reserved 2026-03-10 | Published 2026-04-03 | Updated 2026-04-04 | Assigner Zohocorp

Problem types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

Product status

Credits

C311 finder

References

www.manageengine.com/...-reports/advisory/CVE-2026-3880.html

cve.org (CVE-2026-3880)

nvd.nist.gov (CVE-2026-3880)

Download JSON