The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) prior to 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote malicious users to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
manageengine password manager pro 5.2 |
||
manageengine password manager pro 5.1 |
||
manageengine password manager pro 5.0 |
||
manageengine password manager pro 4.8 |
||
manageengine password manager pro 4.7 |
||
manageengine password manager pro |
||
manageengine password manager pro 5.4 |
||
manageengine password manager pro 4.6 |
||
manageengine password manager pro6.1 |
||
manageengine password manager pro 6.0 |
||
manageengine password manager pro 5.3 |
Vulmon