Vulnerability Details CVE-2019-19857
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.0
Products affected by CVE-2019-19857
-
cpe:2.3:a:serpico_project:serpico:1.3.0