Skip to main content

Secret Server CVE-2019-18356

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-10-23 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 23, 2019 - 19:15 nvd
MEDIUM 6.1

DescriptionNVD

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).

AnalysisAI

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). Affected products include: Thycotic Secret Server. Version information: before 10.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-33891 HIGH POC
8.8 Apr 28

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webs

CVE-2024-12908 HIGH POC
8.3 Dec 26

Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protoc

CVE-2019-18355 CRITICAL
9.8 Oct 23

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. Rated critical severity (

CVE-2024-25652 HIGH
8.4 Mar 14

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access

CVE-2015-3443 LOW POC
3.5 Jul 02

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before

CVE-2023-4589 HIGH
7.2 Sep 06

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. Rate

CVE-2024-25649 MEDIUM
6.7 Mar 14

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machin

CVE-2025-12810 MEDIUM
6.5 Jan 27

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue a

CVE-2021-41845 MEDIUM
6.5 Oct 01

A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. Rated medium severity (CVSS 6

CVE-2019-18357 MEDIUM
6.1 Oct 23

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). Rated medium severity (CVSS 6.1), this

CVE-2024-25650 MEDIUM
5.9 Mar 14

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator

CVE-2015-4094 MEDIUM
5.8 Jun 02

The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL

Share

CVE-2019-18356 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy