CVE-2015-3443 in Secret Serverinfo

Summary

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

04/28/2015

Disclosure

07/02/2015

Moderation

VulDB entry created

Entries

VDB-76258 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

3.5

EPSS

0.01550

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-3443
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-3443
CVE Details	https://www.cvedetails.com/cve/CVE-2015-3443/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!