CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19856

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.4%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182
https://websec.nl/news.php
https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182
https://websec.nl/news.php

Products affected by CVE-2019-19856

Serpico Project » Serpico » Version: 1.3.0

cpe:2.3:a:serpico_project:serpico:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19856

Products

Pricing

Contact Us