| Vulnerability Details | |
| --- | --- |
| Severity | High |
| CVE ID | CVE-2026-4107 |
| Affected software versions | Builds 5801 and below |
| Fixed version | 5802 |
| Fixed on | March 19, 2026 |

CVE-2026-4107 describes a stored XSS vulnerability in the Folder Message Count and Size report within the Reports module.
This vulnerability could allow an authenticated attacker who is a mailbox user in the Exchange organization to execute malicious scripts. Successful exploitation may grant the attacker unauthorized access to Exchange Reporter Plus with the privileges of the victim who interacts with the affected component.
This issue has been resolved in Exchange Reporter Plus version 5802 by implementing proper input validation.
Update your Exchange Reporter Plus instance to build 5802 or later using the service pack.
This vulnerability was reported by C311 through the Zoho BugBounty program.
If you have any questions or need assistance updating the product to the latest version, please contact product support or our security team.