cve/2019/CVE-2019-19857.md

CVE-2019-19857

Description

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

POC

Reference

• https://websec.nl/news.php

Github

No PoCs found on GitHub currently.