CVE-2009-4387
ManageEngine PMP <6.1.6104 - XSS
Title source: llmDescription
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
References (7)
Scores
EPSS
0.0052
EPSS Percentile
66.3%
Classification
CWE
CWE-79
Status
published
Affected Products (13)
manageengine/password_manager_pro
< 6.1
manageengine/password_manager_pro
< 6.1
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro
manageengine/password_manager_pro6.1
< -
n/a/n/a
Timeline
Published
Dec 22, 2009
Tracked Since
Feb 18, 2026