CVE-2019-19858
MEDIUMSerpico 1.3.0 - Stored Cross-Site Scripting via Author Parameter
Title source: llmDescription
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://websec.nl/news.php
Patch, Third Party Advisory x_refsource_confirm
https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182
Scores
CVSS v3
4.8
EPSS
0.0059
EPSS Percentile
43.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
serpico_project/serpico
1.3.0
Published
Jan 15, 2020
Tracked Since
Feb 18, 2026