Executive Summary

CVE-2025-9787 is a stored DOM Cross-Site Scripting (XSS) vulnerability in ManageEngine Applications Manager versions 177400 and below. It occurs in the search functionality of the create or edit NOC (Network Operations Center) view when a dashboard name contains malicious JavaScript code. This code is stored and later executed in the browser of users who search for that dashboard, allowing attackers to run arbitrary JavaScript with the victim's privileges within the application. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session with the victim's privileges in ManageEngine Applications Manager. This could lead to unauthorized actions such as data theft, session hijacking, or manipulation of application data, potentially compromising the security and integrity of the affected system. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if your ManageEngine Applications Manager instance is running version 177400 or below and if the NOC view's dashboard names contain any suspicious or malicious JavaScript payloads. Since it is a stored DOM Cross-Site Scripting vulnerability triggered via the dashboard search functionality, you can attempt to search for dashboard names containing script tags or JavaScript code. Specific commands are not provided in the resources, but manual inspection or automated scanning for stored XSS payloads in dashboard names is recommended. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update your ManageEngine Applications Manager to version 177500 or above, or to versions between 177201 and 177209 where the vulnerability has been fixed. The fix involves implementing DOM safe APIs to safely render dashboard names and prevent script execution. Applying the latest service pack or security update from ManageEngine is advised. [1]

Useful 0 Not Useful 0