The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2009-12-22 23:30
Updated : 2024-02-28 11:41
NVD link : CVE-2009-4387
Mitre link : CVE-2009-4387
CVE.ORG link : CVE-2009-4387
JSON object : View
Products Affected
manageengine
- password_manager_pro
- password_manager_pro6.1
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')