CVE-2009-4387

2009-12-22T23:30:00
ID CVE-2009-4387
Type cve
Reporter cve@mitre.org
Modified 2009-12-23T05:00:00

Description

The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.