CVE-2016-4807

MEDIUM

Web2py < 2.14.5 - XSS

Title source: rule

Description

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

Exploits (1)

exploitdb WRITEUP VERIFIED

by Narendra Bhati · textwebappspython

https://www.exploit-db.com/exploits/39821

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39821/

Scores

CVSS v3 4.8

EPSS 0.0041

EPSS Percentile 61.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (3)

web2py/web2py < 2.14.5

pypi/web2py PyPI

n/a/n/a

Timeline

Published Jan 11, 2017

Tracked Since Feb 18, 2026