PasswordManager Pro 6.1 Script Injection Vulnerability
scip AG Vulnerability ID 4063 (12/15/2009) http://www.scip.ch/?vuldb.4063
Stefan Friedli at scip AG (Switzerland) found an input validation error in the current release that enables an attacker to perform various web-based attacks.
The search function fails to properly validate data submitted via HTTP GET. The parameter "searchtext" lacks validation and is therefore vulnerable to script injection. While there is a basic input filtering method in place, it fails to detect more advanced (e.g. encoded) payloads.
Other parts of the application might be affected too.
This vulnerability has been tested on version 6.1; other versions might be affected as well.
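Added example, not part of the original advisory and not PasswordManager Pro code: a Python sketch of one common way a basic filter misses encoded input (it inspects the value before decoding), next to output encoding as the fix. The blocklist, function names and sample inputs are constructed assumptions; the advisory does not describe the product's actual filter.

```python
import html
from urllib.parse import unquote

# Hypothetical blocklist, standing in for a "basic input filter".
BLOCKLIST = ("<script", "javascript:", "onerror=")

# Constructed sample values for the "searchtext" parameter.
PLAIN = "backup%20server"
LITERAL = "<script>alert(1)</script>"
ENCODED = "%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def naive_filter(raw_value: str) -> bool:
    """Return True if accepted. Flaw: matches on the still-encoded text."""
    lowered = raw_value.lower()
    return not any(token in lowered for token in BLOCKLIST)


def render_vulnerable(raw_value: str) -> str:
    """Filter first, decode afterwards, then echo the value unescaped."""
    if not naive_filter(raw_value):
        return "<p>Invalid search</p>"
    decoded = unquote(raw_value)  # decoding happens after the check
    return f"<p>Results for: {decoded}</p>"


def render_hardened(raw_value: str) -> str:
    """Decode once, then HTML-encode at the point of output.

    No blocklist is needed: whatever the user typed is rendered as text,
    so markup characters never reach the browser as markup.
    """
    decoded = unquote(raw_value)
    return f"<p>Results for: {html.escape(decoded, quote=True)}</p>"


if __name__ == "__main__":
    for sample in (PLAIN, LITERAL, ENCODED):
        print("input     :", sample)
        print("vulnerable:", render_vulnerable(sample))
        print("hardened  :", render_hardened(sample))
```

Output encoding has to match the context the value lands in; `html.escape` covers HTML element content and quoted attribute values only.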