CVE-2009-4387

https://notcve.org/view.php?id=CVE-2009-4387

The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ShowInContentAreaAction.do en ManageEngine Password Manager Pro (PMP) en versiónes anteriores a v6.1 Build 6104 utiliza comprobación del uso de mayúsculas/minúsculas para entradas maliciosas, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través del parámetro "searchtext" y otras entradas sin especificar. • http://forums.manageengine.com/#Topic/49000003740390 http://secunia.com/advisories/37765 http://www.manageengine.com/products/passwordmanagerpro/release-notes.html http://www.scip.ch/?vuldb.4063 http://www.scip.ch/publikationen/advisories/scip_advisory-4063_manageengine_pmp_script_injection.txt http://www.securityfocus.com/bid/37336 http://www.vupen.com/english/advisories/2009/3540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •