CVE-2025-9787
Stored XSS in ManageEngine Applications Manager NOC View

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: ManageEngine

Description
Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.
Meta Information
Published: 2025-12-18
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-18
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor    Product                            Version / Range
zohocorp  manageengine_applications_manager  177400
Weakness
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9787 is a stored DOM Cross-Site Scripting (XSS) vulnerability in ManageEngine Applications Manager versions 177400 and below. It occurs in the search functionality of the create or edit NOC (Network Operations Center) view when a dashboard name contains malicious JavaScript code. This code is stored and later executed in the browser of users who search for that dashboard, allowing attackers to run arbitrary JavaScript with the victim's privileges within the application. [1]


How can this vulnerability impact me?

This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session with the victim's privileges in ManageEngine Applications Manager. This could lead to unauthorized actions such as data theft, session hijacking, or manipulation of application data, potentially compromising the security and integrity of the affected system. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

To detect exposure, first check whether your ManageEngine Applications Manager instance is running version 177400 or below. Then review the dashboard names configured in the NOC view for suspicious or malicious JavaScript payloads: because this is a stored DOM Cross-Site Scripting vulnerability triggered through the dashboard search functionality, dashboard names containing script tags or other JavaScript code are the indicator to look for. The resources do not provide specific commands, so manual inspection of the dashboard names, or automated scanning of them for stored XSS payloads, is recommended. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to update your ManageEngine Applications Manager to version 177500 or above, or to versions between 177201 and 177209 where the vulnerability has been fixed. The fix involves implementing DOM safe APIs to safely render dashboard names and prevent script execution. Applying the latest service pack or security update from ManageEngine is advised. [1]
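The two answers above describe a detection step (review stored dashboard names for script payloads) and the shape of the fix (render dashboard names through DOM-safe APIs instead of injecting them as HTML). The following is an added illustration of both, written for this page; it is not ManageEngine's code and does not reproduce the product's actual search UI. The dashboard names, the function names and the tiny DOM stub are all constructed so the example runs under Node without a browser; in a browser, `appendDashboardItem` would be called with the real `document`.

```javascript
// Added example (not ManageEngine's code): the vulnerable-vs-safe rendering
// pattern behind CVE-2025-9787 and a heuristic review of stored dashboard names.
// Function names, the sample names and the DOM stub are all constructed here.

// Constructed sample dashboard names, as they might come back from an export
// of the NOC view configuration. Two of them carry markup that must never be
// interpreted as HTML when the search results are rendered.
const SAMPLE_DASHBOARD_NAMES = [
  "Core Routers",
  "Branch Office <b>East</b>",
  "NOC Wall <script>alert(1)</script>",
  'Storage <img src=x onerror="alert(1)">',
];

// Escape the five characters that matter when text lands inside HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// VULNERABLE pattern: the stored name is concatenated straight into markup,
// so any tag or event-handler attribute inside it becomes live HTML once the
// string is assigned to innerHTML. This is the defect class CWE-79 describes.
function renderUnsafe(name) {
  return `<li class="dashboard">${name}</li>`;
}

// SAFE pattern 1: escape before building markup. Still string-based, but the
// stored name can no longer open or close tags.
function renderEscaped(name) {
  return `<li class="dashboard">${escapeHtml(name)}</li>`;
}

// SAFE pattern 2: DOM-safe APIs (createElement + createTextNode), the approach
// the vendor fix is described as taking. A text node is never parsed as HTML,
// so no escaping is needed. `doc` defaults to the browser document; under Node
// the stub below is passed in so the example runs offline.
function appendDashboardItem(container, name, doc = globalThis.document) {
  const li = doc.createElement("li");
  li.className = "dashboard";
  li.appendChild(doc.createTextNode(name));
  container.appendChild(li);
  return li;
}

// Minimal stand-in for the DOM, just enough to run appendDashboardItem in Node.
function makeStubDocument() {
  const element = (tagName) => ({
    tagName,
    className: "",
    children: [],
    appendChild(child) { this.children.push(child); return child; },
  });
  return {
    createElement: element,
    createTextNode: (data) => ({ nodeType: 3, data }),
  };
}

// Detection aid: flag stored names that look like XSS payloads so an admin can
// review them. This is a heuristic for triage, not a proof of exploitation.
const SUSPICIOUS_NAME = /<\s*script\b|javascript:|\bon[a-z]+\s*=|<\s*(img|svg|iframe)\b/i;
function flagSuspiciousNames(names) {
  return names.filter((n) => SUSPICIOUS_NAME.test(n));
}

// Stand-alone run: show the renderings side by side and the review list.
function demo() {
  const doc = makeStubDocument();
  const list = doc.createElement("ul");
  for (const name of SAMPLE_DASHBOARD_NAMES) {
    console.log("unsafe :", renderUnsafe(name));
    console.log("escaped:", renderEscaped(name));
    appendDashboardItem(list, name, doc);
  }
  console.log("text nodes rendered:", list.children.length);
  console.log("names to review:", flagSuspiciousNames(SAMPLE_DASHBOARD_NAMES));
}
demo();
```

The escaped rendering and the text-node rendering are equivalent from the browser's point of view; the DOM-API version is preferable because there is no string to forget to escape. The `flagSuspiciousNames` regex is deliberately broad (it will also flag a harmless name that merely contains `onload=`), which is the right trade-off for a one-off review of a small configuration set.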

