CVE-2015-3443

Published: 02/07/2015 Updated: 09/10/2018
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x prior to 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.

Vulnerable Product

thycotic secret server 8.8.000000

thycotic secret server 8.8.000001

thycotic secret server 8.6.000000

thycotic secret server 8.6.000009

thycotic secret server 8.8.000004

thycotic secret server 8.6.000010

thycotic secret server 8.7.000000

Exploits

#############################################################
#
# COMPASS SECURITY ADVISORY
# www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# CVE ID : CVE-2015-3443
# Product: Secret Server [1]
# Vendor: Thycotic
# Subject: Stored Cross-Site Scripting Vulnerability (XSS)
# ...

Thycotic Secret Server versions 8.6.000000 through 8.8.000004 suffer from a persistent cross-site scripting vulnerability ...