VYPR
Vendor

SerpicoProject

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2020-12687MedMay 7, 2020
    risk 0.00cvss 6.5epss 0.01

    An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.

  • CVE-2019-19858MedJan 15, 2020
    risk 0.00cvss 4.8epss 0.01

    An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.

  • CVE-2019-19856MedJan 15, 2020
    risk 0.00cvss 4.8epss 0.01

    An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.

  • CVE-2019-19855MedJan 15, 2020
    risk 0.00cvss 4.8epss 0.01

    An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.