QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3443

Published: Jul 2, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150624 CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

20150624 CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

mailing-list

x_refsource_FULLDISC

http://thycotic.com/products/secret-server/resources/advisories/thy-ss-004/

x_refsource_CONFIRM

http://www.csnc.ch/misc/files/advisories/CVE-2015-3443_Thycotic_Secret_Server_XSS.TXT

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.