Cross-Site Scripting Vulnerability in ManageEngine Password Manager Pro
CVE-2009-4387

Currently unrated

Key Information:

Vendor

Manageengine
Status
Password Manager Pro
Password Manager Pro6.1
Vendor
CVE Published:
22 December 2009

What is CVE-2009-4387?

The ManageEngine Password Manager Pro application has a vulnerability in its handling of user input, specifically in the ShowInContentAreaAction.do component. The application employs case-sensitive checks for input validation, which can be exploited by attackers. By injecting crafted malicious scripts through parameters such as 'searchtext', unauthorized users can execute arbitrary web scripts or HTML in the browsers of users interacting with the application. This vulnerability underscores the importance of robust input validation mechanisms to safeguard against XSS attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.scip.ch/?vuldb.4063
x_refsource_MISC
http://www.scip.ch/publikationen/advisories/scip_advisory...
x_refsource_MISC
http://forums.manageengine.com/#Topic/49000003740390
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.