CVE-2009-4387Cross-site Scripting in Password Manager PRO

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Manageengine Password Manager PROManageengine Password Manager Pro6.1
Timeline
PublishedDec 22
Latest updateMay 2

Description

The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Patches

Patch: www.manageengine.comPatch: www.scip.chPatch: www.vupen.com

🔴Vulnerability Details

2
GHSA
GHSA-pvc4-2h26-6hch: The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction2022-05-02
CVEList
CVE-2009-4387: The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction2009-12-22
CVE-2009-4387 — Cross-site Scripting | cvebase