Vulnerabilities > Thycotic > Secret Server > 8.6.000000
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-23 | CVE-2019-18357 | Cross-site Scripting vulnerability in Thycotic Secret Server An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | 4.3 |
| 2019-10-23 | CVE-2019-18356 | Cross-site Scripting vulnerability in Thycotic Secret Server An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | 4.3 |
| 2019-10-23 | CVE-2019-18355 | Server-Side Request Forgery (SSRF) vulnerability in Thycotic Secret Server An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | 7.5 |
| 2018-03-09 | CVE-2014-4861 | Credentials Management vulnerability in Thycotic Secret Server 8.6.000000/8.6.000009 The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | 7.5 |
| 2017-07-29 | CVE-2017-11725 | Open Redirect vulnerability in Thycotic Secret Server The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | 5.8 |
| 2015-07-02 | CVE-2015-3443 | Cross-site Scripting vulnerability in Thycotic Secret Server Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | 3.5 |