The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-12-22T23:00:00Z
Updated: 2024-09-16T17:29:04.222Z
Reserved: 2009-12-22T00:00:00Z
Link: CVE-2009-4387
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-12-22T23:30:00.517
Modified: 2024-11-21T01:09:31.420
Link: CVE-2009-4387
Redhat
No data.