CVE-2015-3443

Name of the Vulnerable Software and Affected Versions Thycotic Secret Server versions 8.6.x through 8.8.x before 8.8.000005

Description A cross-site scripting (XSS) issue exists in the basic dashboard, allowing remote authenticated users to inject arbitrary web script or HTML via a password entry. This occurs because the password entry is not properly handled when toggling the password mask.

Recommendations For Thycotic Secret Server versions 8.6.x through 8.8.x before 8.8.000005, update to version 8.8.000005 or later to resolve the issue. As a temporary workaround, consider restricting access to the basic dashboard to minimize the risk of exploitation. Avoid using the password entry feature in the affected dashboard until the issue is resolved.