BuffaloWill/Serpico

BuffaloWill/Serpico

Releases17

Frequency2 months 3 weeks

Last Release about 6 years ago

Stars1.11K

SimplE RePort wrIting and COllaboration tool

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-12687 ↗	May 7, 2020Thursday, 7 May 2020, 16:15	6.5 MEDIUM	4 MEDIUM
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.
CVE-2019-19855 ↗	Jan 15, 2020Wednesday, 15 January 2020, 23:15	4.8 MEDIUM	3.5 LOW
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
CVE-2019-19856 ↗	Jan 15, 2020Wednesday, 15 January 2020, 23:15	4.8 MEDIUM	3.5 LOW
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
CVE-2019-19858 ↗	Jan 15, 2020Wednesday, 15 January 2020, 23:15	4.8 MEDIUM	3.5 LOW
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.