CVE-2019-19856 — MEDIUM (4.8)

Vulnerability Description

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Serpico Project	Serpico	1.3.0

Related Weaknesses (CWE)

CWE-79

References

https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61PatchThird Party Advisory
https://websec.nl/news.phpThird Party Advisory
https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61PatchThird Party Advisory
https://websec.nl/news.phpThird Party Advisory

FAQ

What is CVE-2019-19856?

CVE-2019-19856 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.

How severe is CVE-2019-19856?

CVE-2019-19856 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19856?

Check the references section above for vendor advisories and patch information. Affected products include: Serpico Project Serpico.