Stored Cross-Site Scripting Vulnerability in Zohocorp ManageEngine Applications Manager
CVE-2025-9787

6.1MEDIUM

Key Information:

Vendor

Zohocorp
Status
Manageengine Applications Manager
Vendor
CVE Published:
18 December 2025

What is CVE-2025-9787?

The Stored Cross-Site Scripting vulnerability in Zohocorp's ManageEngine Applications Manager affects versions 177400 and below. This flaw allows attackers to inject malicious scripts into the NOC view, potentially compromising user sessions and sensitive information. Organizations using affected versions should promptly assess their exposure to mitigate risks associated with this vulnerability.

Affected Version(s)

ManageEngine Applications Manager 0 < 177500

References

https://www.manageengine.com/products/applications_manage...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.