CVE-2016-4807 – web2py

Package

Manager: pip
Name: web2py
Vulnerable Version: >=0 <=2.14.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00464 pctl0.63405

Details

Web2py Reflected XSS vulnerability Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

Metadata

Created: 2022-05-17T03:05:11Z
Modified: 2025-04-21T22:52:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pvcp-73cg-6f77/GHSA-pvcp-73cg-6f77.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pvcp-73cg-6f77
Finding: F008
Auto approve: 1