PT-2009-6509 · Manageengine · Manageengine Password Manager Pro

Stefan Friedli · Published 2009-12-22 · Updated 2009-12-23 · CVE-2009-4387

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ManageEngine Password Manager Pro (PMP) versions prior to 6.1 Build 6104

Description
The issue concerns a flaw in the cross-site scripting (XSS) protection mechanism. This flaw allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and other unspecified inputs, because the checks for malicious input are case-sensitive.

Recommendations
For versions prior to 6.1 Build 6104, update to version 6.1 Build 6104 or later to resolve the issue. As a temporary workaround, consider restricting access to the searchtext parameter in the affected API endpoint until a patch is available.
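The class of flaw the description refers to, shown as an added illustration that is not code from the advisory or from the product: a hypothetical case-sensitive denylist lets mixed-case markup through, whereas HTML output encoding of the reflected searchtext value neutralises it regardless of case. The denylist markers and the sample inputs are constructed for this example.

```python
import html

# Hypothetical denylist in the style the advisory describes: it matches
# lower-case markers only. Not the product's code; it illustrates why a
# case-sensitive pattern check is an unreliable XSS defence.
_DENYLIST = ("<script", "javascript:", "onerror=", "onload=")


def case_sensitive_filter(value: str) -> bool:
    """Return True if the value passes the weak, case-sensitive check."""
    return not any(marker in value for marker in _DENYLIST)


def case_insensitive_filter(value: str) -> bool:
    """Same denylist with case folding: closes the case gap, but it is still a
    denylist and should not be the only control."""
    folded = value.casefold()
    return not any(marker in folded for marker in _DENYLIST)


def render_search_results(searchtext: str) -> str:
    """The proper fix: encode the reflected parameter for the HTML text
    context so the browser never parses it as markup, whatever its case."""
    return f"<p>Results for: {html.escape(searchtext, quote=True)}</p>"


def audit(searchtext: str) -> dict:
    """Compare the three treatments of one reflected value."""
    rendered = render_search_results(searchtext)
    return {
        "case_sensitive_passes": case_sensitive_filter(searchtext),
        "case_insensitive_passes": case_insensitive_filter(searchtext),
        "encoded_output": rendered,
        # After encoding, no raw tag survives in the output in any case.
        "raw_tag_in_output": "<script" in rendered.casefold(),
    }


if __name__ == "__main__":
    for sample in ("admin", "<script>x</script>", "<ScRiPt>x</ScRiPt>"):
        print(sample, "->", audit(sample))
```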

Exploit · Fix · XSS

Related Identifiers

CVE-2009-4387

Affected Products

Manageengine Password Manager Pro