CVE-2019-19857

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19857
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19857.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19857
Published
2020-01-15T23:15:11.777Z
Modified
2025-11-20T11:00:44.868442Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
[none]
Details

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

References

Affected packages

Git / github.com/serpicoproject/serpico

Affected ranges

Type
GIT
Repo
https://github.com/serpicoproject/serpico
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.0
1.1.0
1.1.1
1.2.1
1.2.2
1.2.2.1
1.3.0

Other

BH2016Alpha

BH2017_1.*

BH2017_1.2.0_Alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19857.json"