Medium severity6.5NVD Advisory· Published Jan 15, 2020· Updated Jun 17, 2026
CVE-2019-19857
CVE-2019-19857
Description
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.
Affected products
2- Serpico/SimplE RePort wrIting and CollaboratiOn tooldescription
Patches
Vulnerability mechanics
References
1- websec.nl/news.phpnvdThird Party Advisory
News mentions
0No linked articles in our index yet.