CVE-2026-3880 Stored XSS Vulnerability Summary Overview Vulnerability Name: CVE-2026-3880 Severity: High Affected Component: Public Folder Permissions report within the Reports module of Exchange Reporter Plus Affected Versions: Build 300 and earlier Impact Allows an authenticated attacker with Exchange Administrator privileges to inject and execute malicious scripts within the Exchange organization. Successful exploitation may lead to theft of sensitive information or execution of actions on behalf of the victim who accesses the affected report. Fix Fixed Version: Exchange Reporter Plus version 3002 Resolution: The issue has been resolved by implementing proper input sanitization. POC/Exploit Code No specific POC or exploit code is provided in the report. Only textual description is available.