CVE-2016-4807

MEDIUM4.8EPSS 0.36%

Web2py Reflected XSS vulnerability

Published: 5/17/2022Modified: 4/21/2025

Description

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

Affected packages (1)

PyPI/web2pyfrom 0, <= 2.14.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-4807
PATCHhttps://github.com/web2py/web2py
WEBhttp://packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html
WEBhttps://www.exploit-db.com/exploits/39821