CVE-2015-3443

NONECVSS 0.0

0.0

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.

🔗 References (12)

cve@mitrehttp://seclists.org/fulldisclosure/2015/Jun/78
cve@mitrehttp://thycotic.com/products/secret-server/resources/advisories/thy-ss-004/
cve@mitrehttp://www.csnc.ch/misc/files/advisories/CVE-2015-3443_Thycotic_Secret_Server_XSS.TXT
cve@mitrehttp://www.securityfocus.com/archive/1/535821/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/75393
cve@mitrehttps://www.exploit-db.com/exploits/37394/
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/Jun/78
af854a3a-2127-422b-91ae-364da2661108http://thycotic.com/products/secret-server/resources/advisories/thy-ss-004/
af854a3a-2127-422b-91ae-364da2661108http://www.csnc.ch/misc/files/advisories/CVE-2015-3443_Thycotic_Secret_Server_XSS.TXT
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/535821/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75393
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37394/

Is Your Infrastructure Affected by CVE-2015-3443?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-3443

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-3443?