Volerion logoVolerion
Volerion logoVolerion

ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in ManageEngine Applications Manager, affecting versions through 177400. This issue arises in the NOC view, where the dashboard search field can be exploited if a dashboard name contains a malicious JavaScript payload. When the payload is executed, it runs in the context of the victim's browser, potentially allowing the attacker to perform actions based on the victim's role in Applications Manager.

Impact

Exploitation of this vulnerability allows for the execution of malicious JavaScript in the context of the victim's browser, controlled by the attacker. This could be used to perform actions corresponding to the victim's role in Applications Manager.

Remediation

Users can update to ManageEngine Applications Manager version 177500 or any version between 177201 and 177209 to address this vulnerability. Instructions for updating are available on the ManageEngine Applications Manager service packs page.

Added: Dec 18, 2025, 5:19 PM
Updated: Dec 18, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm
spread
5.7
impact
1.7
exploitability
4.1
remediation
7.7
relevance
1.4
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.