CVE-2009-4387: XSS
First published: Tue Dec 22 2009(Updated: )
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine Password Manager Pro | =5.4 | |
| ManageEngine Password Manager Pro | =6.0 | |
| Manageengine Password Manager Pro6.1 | <=- | |
| ManageEngine Password Manager Pro | =5.1 | |
| ManageEngine Password Manager Pro | =5.2 | |
| ManageEngine Password Manager Pro | =5.0 | |
| ManageEngine Password Manager Pro | =4.7 | |
| ManageEngine Password Manager Pro | =4.6 | |
| ManageEngine Password Manager Pro | <=6.1 | |
| ManageEngine Password Manager Pro | <=6.1 | |
| ManageEngine Password Manager Pro | =5.3 | |
| ManageEngine Password Manager Pro | =4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/37336
- http://www.scip.ch/?vuldb.4063
- http://secunia.com/advisories/37765
- http://www.scip.ch/publikationen/advisories/scip_advisory-4063_manageengine_pmp_script_injection.txt
- http://www.manageengine.com/products/passwordmanagerpro/release-notes.html
- http://www.vupen.com/english/advisories/2009/3540
- http://forums.manageengine.com/#Topic/49000003740390
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/manageengine
- canonical/manageengine password manager pro
- version/manageengine password manager pro/5.4
- version/manageengine password manager pro/6.0
- canonical/manageengine password manager pro6.1
- version/manageengine password manager pro6.1/-
- version/manageengine password manager pro/5.1
- version/manageengine password manager pro/5.2
- version/manageengine password manager pro/5.0
- version/manageengine password manager pro/4.7
- version/manageengine password manager pro/4.6
- version/manageengine password manager pro/6.1
- version/manageengine password manager pro/5.3
- version/manageengine password manager pro/4.8