Platform
manageengine
Component
manageengine-exchange-reporter-plus
Fixed in
5802
CVE-2026-3879 is a stored Cross-Site Scripting (XSS) vulnerability affecting ManageEngine Exchange Reporter Plus versions prior to 5802. This vulnerability allows an attacker to inject malicious scripts into the Equipment Mailbox Details report, potentially leading to session hijacking or defacement. Affected versions include those from 0 up to and including 5801. A patch is available in version 5802.
Successful exploitation of CVE-2026-3879 allows an attacker to inject arbitrary JavaScript code into the Equipment Mailbox Details report within ManageEngine Exchange Reporter Plus. When a user views this report, the injected script executes in their browser context, granting the attacker potential control over their session. This could lead to unauthorized access to sensitive data, including email content, user credentials, and system configurations. The attacker could also leverage this to perform phishing attacks or deface the application's interface. The scope of impact depends on the privileges of the affected user and the sensitivity of the data they access.
CVE-2026-3879 was publicly disclosed on 2026-04-03. No public proof-of-concept (POC) code has been released at the time of writing, but the XSS nature of the vulnerability makes it likely that a POC will emerge. The vulnerability is not currently listed on CISA KEV. The probability of exploitation is considered medium due to the ease of XSS exploitation and the potential impact.
Organizations utilizing ManageEngine Exchange Reporter Plus for email reporting and analysis are at risk, particularly those running versions 0 through 5801. Environments with shared user accounts or where user input is not properly validated are especially vulnerable. Those relying on the Equipment Mailbox Details report for critical operational insights are also at increased risk.
• manageengine / web:
curl -s -X POST "<exchange_reporter_plus_url>/reports/EquipmentMailboxDetails.aspx" -d "<input_field>=<xss_payload>" | grep -i "<xss_payload>"
• generic web:
curl -s -X POST "<exchange_reporter_plus_url>/reports/EquipmentMailboxDetails.aspx" -d "<input_field>=<xss_payload>" | grep -i "<xss_payload>"
Disclosure
Exploit Status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-3879 is to upgrade ManageEngine Exchange Reporter Plus to version 5802 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing input validation and output encoding on user-supplied data within the Equipment Mailbox Details report. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and sanitize user input to minimize the attack surface. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the Equipment Mailbox Details report and verifying that it is not executed.
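The output-encoding mitigation above, as an added example that is not code from the page or from ManageEngine: a constructed Equipment Mailbox record is rendered into a report row both unencoded (the pattern behind a stored XSS) and with per-context HTML encoding, and a small parser-based check flags any tag or attribute that leaks into the rendered row beyond what the template is expected to emit. The record type, field names and the benign "marker" strings are assumptions made for the example.

```python
import html
from dataclasses import dataclass
from html.parser import HTMLParser


@dataclass
class EquipmentMailbox:
    # Hypothetical shape of one stored equipment-mailbox record (assumption).
    display_name: str
    alias: str
    location: str


def render_row_unsafe(mb: EquipmentMailbox) -> str:
    # Interpolates stored values straight into markup: attacker-controlled
    # text lands in a text node and inside an attribute value unencoded.
    return f'<tr><td title="{mb.location}">{mb.display_name}</td><td>{mb.alias}</td></tr>'


def render_row_safe(mb: EquipmentMailbox) -> str:
    # Encodes each value for the context it lands in; quote=True also
    # neutralises '"' so a value cannot break out of the title attribute.
    return '<tr><td title="{loc}">{name}</td><td>{alias}</td></tr>'.format(
        loc=html.escape(mb.location, quote=True),
        name=html.escape(mb.display_name, quote=True),
        alias=html.escape(mb.alias, quote=True),
    )


class _TagCollector(HTMLParser):
    # Records every start tag and attribute name the browser would see.
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


def unexpected_markup(rendered: str, allowed_tags=("tr", "td"), allowed_attrs=("title",)) -> list:
    # Defender-side check: anything outside the template's own tags/attributes
    # means stored data was rendered as markup rather than as text.
    p = _TagCollector()
    p.feed(rendered)
    return [t for t in p.tags if t not in allowed_tags] + [a for a in p.attrs if a not in allowed_attrs]


# Constructed sample record with harmless markers in two injection contexts.
SAMPLE = EquipmentMailbox(
    display_name="Projector A <b>marker</b>",
    alias="projector-a",
    location='Room 1" onmouseover="marker',
)
```

Running `unexpected_markup` over both renderings of `SAMPLE` shows the unencoded row leaking a `b` tag and an `onmouseover` attribute, while the encoded row yields an empty list and still displays the marker text literally.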
Update ManageEngine Exchange Reporter Plus to version 5802 or later. This update fixes the stored XSS vulnerability in the 'Equipment Mailbox Details' report.
CVE-2026-3879 is a stored Cross-Site Scripting (XSS) vulnerability in ManageEngine Exchange Reporter Plus versions 0–5802, allowing attackers to inject malicious scripts into the Equipment Mailbox Details report.
You are affected if you are running ManageEngine Exchange Reporter Plus versions 0 through 5801. Upgrade to version 5802 or later to mitigate the risk.
Upgrade ManageEngine Exchange Reporter Plus to version 5802 or later. Input validation and WAF rules can provide temporary mitigation if an upgrade is not immediately possible.
While no active exploitation has been confirmed, the XSS nature of the vulnerability suggests a potential for exploitation. Monitor your systems for suspicious activity.
Refer to the official ManageEngine security advisory for CVE-2026-3879 on the ManageEngine website for detailed information and updates.