Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
serpico vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-12687
An issue exists in Serpico prior to 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.
Serpico Project Serpico
3.5
CVSSv2
CVE-2019-19855
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
Serpico Project Serpico 1.3.0
3.5
CVSSv2
CVE-2019-19856
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
Serpico Project Serpico 1.3.0
5
CVSSv2
CVE-2019-19857
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the ...
Serpico Project Serpico 1.3.0
3.5
CVSSv2
CVE-2019-19858
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
Serpico Project Serpico 1.3.0
5
CVSSv2
CVE-2019-19859
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database.
Serpico Project Serpico 1.3.0
6.8
CVSSv2
CVE-2019-19854
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges fro...
Serpico Project Serpico 1.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started