Unrated severity · NVD Advisory · Published Dec 22, 2009 · Updated Apr 23, 2026
CVE-2009-4387
Description
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
Affected products
- cpe:2.3:a:manageengine:password_manager_pro:*:*:*:*:*:*:*:* (range: <=6.1)
- cpe:2.3:a:manageengine:password_manager_pro:*:-:standard:*:*:*:*:* (range: <=6.1)
- cpe:2.3:a:manageengine:password_manager_pro:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:password_manager_pro6.1:*:free:*:*:*:*:*:* (range: <=-)
Patches
No patches discovered yet.
References
- www.manageengine.com/products/passwordmanagerpro/release-notes.html (nvd; Patch)
- www.scip.ch (nvd; Patch)
- www.vupen.com/english/advisories/2009/3540 (nvd; Patch, Vendor Advisory)
- www.scip.ch/publikationen/advisories/scip_advisory-4063_manageengine_pmp_script_injection.txt (nvd; Exploit)
- secunia.com/advisories/37765 (nvd; Vendor Advisory)
- forums.manageengine.com (nvd)
- www.securityfocus.com/bid/37336 (nvd)