Description
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Narendra Bhati · textwebappspython
https://www.exploit-db.com/exploits/39821
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/39821/
Scores
CVSS v3
4.8
EPSS
0.0041
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
pypi/web2py
0PyPI
web2py/web2py
< 2.14.5
Published
Jan 11, 2017
Tracked Since
Feb 18, 2026