CVE-2009-4387

Published Dec 22, 2009

Last updated 15 years ago

Overview

Description: The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F98F34C9-3D3B-4C67-88BF-8B4F8CD71832",
            "versionEndIncluding": "6.1"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:*:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A888EEC2-60E8-407C-ACE8-68AB5E882EBD",
            "versionEndIncluding": "6.1"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B514D4E8-E996-4F8C-9830-3CB12B6FBE1C"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFD9FC23-D877-44FA-8F86-4AF006A0C3E9"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63DA6D0A-931D-4B07-86C1-06D4F36FA679"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAACBB2A-8F1E-4013-B3DA-1742CA66A944"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "076C49A5-C554-4820-AE83-5858209CF3C8"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E578FA0-E8AD-4BD5-B6B8-2357A2EAF4AC"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EA9117D-2355-4FCE-876B-2E6FAED66A55"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27B0EF1B-B8C1-40E4-8545-F5B119FF50FD"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0783C5C-58CA-435E-B000-9787379DEB9D"
          },
          {
            "criteria": "cpe:2.3:a:manageengine:password_manager_pro6.1:*:free:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D46C1E3-5B7F-466C-98BB-F910757F9A47",
            "versionEndIncluding": "-"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References