Stored XSS Vulnerability in Subnet Details - CVE-2025-9226

Severity: Medium

CVE ID: CVE-2025-9226


Product name: OpManager, OpManager Enterprise Edition, OpManager Plus, OpManager Plus Enterprise Edition, OpManager MSP, NetFlow Analyzer, OpUtils

Affected Version(s): Between 128569 & 128581; Between 128464 & 128569; Below 128464

Fixed Version(s): 128582 / 128570 / 128465

Fixed On: 30-06-2025

Details:

The stored Cross-Site Scripting (XSS) vulnerability allowed an authenticated, low-privileged user with permission to modify subnet details to inject malicious JavaScript payloads. This has been fixed.

Impact:

A stored Cross-Site Scripting (XSS) vulnerability could allow a low-privileged authenticated user to inject malicious JavaScript through the subnet details input field. The injected payload may be stored and executed when other users access the affected page.

Fix:

The issue has been addressed by properly escaping all user input from the subnet details field and rendering it safely as plain text in the UI, ensuring that injected JavaScript is not executed and the XSS vulnerability is mitigated.
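
The output escaping described in the fix, shown as an added example that is not the vendor's code: the row template, the `address` and `description` field names, the helper functions and the sample record are all assumptions made for illustration.

```javascript
// Added illustration, not product code. All names here are hypothetical.

// Characters that can change the HTML parsing context in text or quoted attributes.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  // Coerce first so null or numeric values from the datastore are handled uniformly.
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored value is concatenated into markup, so the browser parses it as HTML.
function renderSubnetRowUnsafe(subnet) {
  return `<tr><td>${subnet.address}</td>` +
    `<td title="${subnet.description}">${subnet.description}</td></tr>`;
}

// After: every stored field is escaped at output time, in text and attribute positions.
function renderSubnetRowSafe(subnet) {
  const address = escapeHtml(subnet.address);
  const description = escapeHtml(subnet.description);
  return `<tr><td>${address}</td><td title="${description}">${description}</td></tr>`;
}

// Regression check: does the rendered row contain any tag other than the template's tr/td?
// It detects injected tags only; attribute breakout is prevented by escaping the quotes.
function hasInjectedMarkup(html) {
  const tags = html.match(/<\/?([a-zA-Z][\w-]*)/g) || [];
  return tags.some((t) => !/^<\/?(tr|td)$/i.test(t));
}

// Constructed sample record, as it might be stored after a low-privileged edit.
const storedSubnet = {
  address: "10.0.0.0/24",
  description: "<script>alert(1)</script>",
};

console.log("unsafe row injects markup:", hasInjectedMarkup(renderSubnetRowUnsafe(storedSubnet)));
console.log("safe row injects markup:  ", hasInjectedMarkup(renderSubnetRowSafe(storedSubnet)));
```

A check like `hasInjectedMarkup` can run in a UI test suite against every view that displays the field, so a template that later drops the escaping is caught before release.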

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by tuannq x ngockhanhc311.

Kindly contact our product support team for further details, at the below mentioned email address:

 

 