ManageEngine Products Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils, affecting versions prior to 128582. The vulnerability resides in the Subnet Details section, where authenticated, low-privileged users with permission to modify subnet information can inject malicious JavaScript payloads. These injected scripts are stored and executed when other users access the affected page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the Subnet Details page.

Remediation

Users can upgrade to version 128582, 128570, or 128465. Instructions for downloading the latest upgrade pack are available on the ManageEngine website.

Added: Jan 30, 2026, 2:19 PM
Updated: Jan 30, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 1.7
exploitability: 3.2
remediation: 7.7
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.