
THY-SS-004

Security Advisory for XSS Vulnerability

Date: 02/20/2015

On Friday, February 20th, an XSS vulnerability was reported within Secret Server.

What does this mean? Script could be injected and then run by a different user.

Who’s affected? Secret Server customers on version 8.6.000000 – 8.8.000004.

What to do? Update Secret Server to version 8.8.000005, which fixes the XSS vulnerability.

The CVSSv2 vector for this issue is (AV:N/AC:M/Au:S/C:C/I:P/A:N).

The CVE-ID for this issue is CVE-2015-3443.

This issue was discovered and responsibly disclosed by Marco Delai of Compass Security Schweiz AG.