4 matches found
CVE-2019-19859
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database...
CVE-2019-19856
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. The User Type on the admin/listuser page allows stored XSS via the type parameter...
CVE-2019-19858
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. admin/adduser/UID allows stored XSS via the author parameter...
CVE-2019-19855
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. admin/listuser allows stored XSS via the authtype parameter...