Security Advisory

CVE-2019-19857

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-15 22:47:27

Last updated 2024-08-05 02:32:08

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS.

← Browse all CVEs View on cve.org ↗