ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability in File/Directory Monitor

Vulnerability

A stored cross-site scripting vulnerability has been identified in ManageEngine Applications Manager versions through 176600. This issue arises in the File/Directory monitor when content checking is enabled, allowing malicious JavaScript to be executed in the context of an administrator user.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected malicious content is executed in the victim's browser, potentially leading to unauthorized actions within the Applications Manager as an administrator.

Remediation

Users can update to ManageEngine Applications Manager version 176700 or later, which addresses the vulnerability by implementing proper encoding. Instructions for updating are available on the ManageEngine website.
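The encoding fix described above, sketched as an added example (not ManageEngine code and not taken from the advisory): a content-check result read from a monitored file is untrusted and must be encoded when written into the administrator's page. The function names, the `match` object shape and the sample data are hypothetical.

```javascript
// Added example: names and data shapes are hypothetical, not Applications Manager code.

// Encode text for use in an HTML element body or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the matched line and path are concatenated into markup as-is,
// so whatever the monitored file contains is stored and later parsed as HTML.
function renderMatchUnsafe(match) {
  return `<tr><td title="${match.path}">${match.line}</td></tr>`;
}

// "After": every field that originates from the monitored host is encoded at output time.
function renderMatchEncoded(match) {
  return `<tr><td title="${encodeHtml(match.path)}">${encodeHtml(match.line)}</td></tr>`;
}

// Constructed sample: a content-check hit whose line and path carry markup characters.
const sampleMatch = {
  path: '/var/log/app/"demo".log',
  line: "ERROR <script>alert(1)</script> & retry",
};

// Review/test helper: true if the row introduces any element other than the intended tr/td.
function introducesMarkup(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(tr|td)$/i.test(t));
}

console.log("unsafe :", renderMatchUnsafe(sampleMatch));
console.log("encoded:", renderMatchEncoded(sampleMatch));
```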

Added: Jul 23, 2025, 11:17 AM
Updated: Jul 23, 2025, 11:17 AM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 5.4
exploitability: 4.6
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.