CVE-2025-9787 — Cross-site Scripting in Manageengine Applications Manager

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Applications Manager

Timeline

PublishedDec 18

Description

Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5zohocorp/manageengine_applications_manager< 177500

▶NVDzohocorp/manageengine_applications_manager17.4 — 17.7+2

Patches

Patch: www.manageengine.com ↗

🔴Vulnerability Details

GHSA

GHSA-4wcm-79rp-rw98: Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view↗2025-12-18

▶

CVEList

Stored XSS↗2025-12-18

▶