SerpicoProject
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12687 | Med | 0.00 | 6.5 | 0.01 | May 7, 2020 | An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database. | ||
| CVE-2019-19858 | Med | 0.00 | 4.8 | 0.01 | Jan 15, 2020 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter. | ||
| CVE-2019-19856 | Med | 0.00 | 4.8 | 0.01 | Jan 15, 2020 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter. | ||
| CVE-2019-19855 | Med | 0.00 | 4.8 | 0.01 | Jan 15, 2020 | An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter. |
- risk 0.00cvss 6.5epss 0.01
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.
- risk 0.00cvss 4.8epss 0.01
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
- risk 0.00cvss 4.8epss 0.01
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
- risk 0.00cvss 4.8epss 0.01
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.