CVE-2019-19857 – An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3. …

Vuln ID: CVE-2019-19857

Published:  2020-01-15  23:15:11Z

Description: An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

Source: NVD.NIST.GOV

 

Tags