Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x prior to 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
thycotic secret server 8.8.000000 |
||
thycotic secret server 8.8.000001 |
||
thycotic secret server 8.6.000000 |
||
thycotic secret server 8.6.000009 |
||
thycotic secret server 8.8.000004 |
||
thycotic secret server 8.6.000010 |
||
thycotic secret server 8.7.000000 |