VYPR
Medium severity6.5NVD Advisory· Published Jan 15, 2020· Updated Jun 17, 2026

CVE-2019-19857

CVE-2019-19857

Description

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

Affected products

2
  • Serpico/SimplE RePort wrIting and CollaboratiOn tooldescription
  • Serpico/Serpicollm-fuzzy
    Range: =1.3.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.