CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19854

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User level to Administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://websec.nl/news.php
https://websec.nl/news.php

Products affected by CVE-2019-19854

Serpico Project » Serpico » Version: 1.3.0

cpe:2.3:a:serpico_project:serpico:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19854

Products

Pricing

Contact Us