An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://websec.nl/news.php |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-15T22:47:27
Updated: 2024-08-05T02:32:08.894Z
Reserved: 2019-12-17T00:00:00
Link: CVE-2019-19857
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-15T23:15:11.777
Modified: 2024-11-21T04:35:32.587
Link: CVE-2019-19857
Redhat
No data.