VYPR

Serpico

by Serpico

CVEs (3)

  • CVE-2019-19854HigJan 15, 2020
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate…

  • CVE-2019-19857MedJan 15, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password…

  • CVE-2019-19859MedJan 15, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database.