Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Stored XSS flaw patched in Thycotic secret server

Stored XSS flaw patched in Thycotic secret server

2015/06/25

Threatpost - (International) Thycotic patched a stored cross-site scripting (XSS) vulnerability in its Secret Server product in which an attacker could use JavaScript code in the browser of a valid user to toggle the password mask and steal a victim's stored passwords.

Source: https://threatpost.com/stored-xss-flaw-patched-in-thycotic-secret-server/113473

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:34