Cross-Site Scripting Vulnerability in ManageEngine Password Manager Pro
CVE-2009-4387

Currently unrated

Key Information:

Vendor
CVE Published: 22 December 2009

Summary

ManageEngine Password Manager Pro has a cross-site scripting (XSS) vulnerability in how the ShowInContentAreaAction.do component handles user input. The application validates input with case-sensitive checks, which attackers can exploit. By injecting crafted malicious scripts through parameters such as 'searchtext', unauthorized users can execute arbitrary web scripts or HTML in the browsers of users interacting with the application. The vulnerability underscores the importance of robust input validation mechanisms to safeguard against XSS attacks.
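
The case-sensitivity flaw described in the summary, as an added Python example that is not the vendor's code: a hypothetical lowercase-only blocklist (the page does not show the product's real check) beside output encoding with `html.escape`. The token list, function names and sample values are constructed for illustration.

```python
import html
import re

# Hypothetical reconstruction of a case-sensitive blocklist check; the page
# does not show the product's actual validation code.
BLOCKED_TOKENS = ("<script", "javascript:", "onerror=", "onload=")

def case_sensitive_filter(value: str) -> bool:
    """Weak check: True means 'accepted'. Matches lowercase tokens only."""
    return not any(tok in value for tok in BLOCKED_TOKENS)

def case_insensitive_filter(value: str) -> bool:
    """Still a blocklist, but no longer defeated by changing letter case."""
    lowered = value.casefold()
    return not any(tok in lowered for tok in BLOCKED_TOKENS)

def render_search_page_unsafe(searchtext: str) -> str:
    """Reflects the parameter into HTML after the weak check only."""
    if not case_sensitive_filter(searchtext):
        return "<p>Invalid search text</p>"
    return f"<p>Results for: {searchtext}</p>"

def render_search_page_safe(searchtext: str) -> str:
    """Encodes on output, so markup in the value is displayed as text."""
    return f"<p>Results for: {html.escape(searchtext, quote=True)}</p>"

# Constructed sample values for the 'searchtext' parameter.
SAMPLES = [
    "quarterly report",
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</ScRiPt>",
]

def audit(samples):
    """Compare both filters and both renderers for each sample value."""
    rows = []
    for s in samples:
        unsafe = render_search_page_unsafe(s)
        safe = render_search_page_safe(s)
        rows.append({
            "input": s,
            "weak_filter_accepts": case_sensitive_filter(s),
            "normalized_filter_accepts": case_insensitive_filter(s),
            "raw_tag_in_unsafe_page": bool(re.search(r"<script", unsafe, re.I)),
            "raw_tag_in_safe_page": bool(re.search(r"<script", safe, re.I)),
        })
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

Normalizing case closes this particular gap, but the encoded renderer is the one that stays correct for inputs no blocklist anticipated.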
