CVE-2019-19857

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

Source: CVE-2019-19857
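One way to close the gap the description points at, shown as an added example in Ruby (not Serpico's code): every interface that can alter a password goes through one method that re-checks the requester's current password. The `Account` class, its method names and the PBKDF2 parameters are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical account model; every name here is an assumption for this example.
class Account
  ITERATIONS = 100_000
  attr_reader :name, :admin

  def initialize(name, password, admin: false)
    @name = name
    @admin = admin
    store(password)
  end

  def password_matches?(candidate)
    return false unless candidate.is_a?(String)
    expected = @digest.bytes
    actual = derive(candidate, @salt).bytes
    # Constant-time comparison of two equal-length digests.
    expected.zip(actual).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Single choke point for every interface that can alter a password
  # (change-password screen, user-edit form, API). The actor must be the
  # account owner or an admin and must re-enter the actor's own current
  # password, so a request that only rides an existing session is refused.
  def change_password(actor:, actor_current_password:, new_password:)
    raise SecurityError, "not authorized" unless actor.equal?(self) || actor.admin
    unless actor.password_matches?(actor_current_password)
      raise SecurityError, "current password required"
    end
    store(new_password)
    true
  end

  private

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  def store(password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(password, @salt)
  end
end
```

Keeping the check in the model rather than in one screen's handler means an alternate edit form cannot skip it.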
