Kaspersky Password Manager 5.x < HTML Injection

low Nessus Plugin ID 62800


The remote Windows host has a password manager installed that is affected by an HTML injection vulnerability.


The version of Kaspersky Password Manager installed on the remote Windows host is 5.x prior to As such, it is potentially affected by an HTML injection vulnerability.

A remote attacker can trick a user into visiting a malicious website and into saving malicious code from the site when the application's password management features are used. Later, the user could trigger the malicious code when using Password Manager's export functionality.


Upgrade to Kaspersky Password Manager or later.

See Also


Plugin Details

Severity: Low

ID: 62800

File Name: kaspersky_password_manager_5_0_0_169.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 11/2/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.5

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: x-cpe:/a:kaspersky:kaspersky_password_manager

Required KB Items: SMB/Kaspersky/PasswordManager/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/31/2012

Vulnerability Publication Date: 7/12/2012

Reference Information

BID: 54760

CWE: 20, 79, 74, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990