Serpico Project Serpico — known CVE vulnerabilities
Every CVE whose affected-product data names Serpico Project Serpico, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2019-19854 — CVSS 8.8 (high): An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate…
CVE-2019-19857 — CVSS 6.5 (medium): An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without…
CVE-2020-12687 — CVSS 6.5 (medium): An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users…
CVE-2019-19859 — CVSS 5.3 (medium): An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via…
CVE-2019-19855 — CVSS 4.8 (medium): An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the…
CVE-2019-19858 — CVSS 4.8 (medium): An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the…
CVE-2019-19856 — CVSS 4.8 (medium): An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page…