cbcvebase.
CVE-2016-4807
published 2017-01-11

CVE-2016-4807: Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

PriorityP425medium4.8CVSS 3.0
AVNACLPRHUIRSCCLILAN
EXPLOIT
EPSS
2.28%
81.0th percentile
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

Affected

2 ranges
VendorProductVersion rangeFixed in
web2pyweb2py<= 2.14.5
web2pyweb2py0 – 2.14.5

CVSS provenance

nvdv3.04.8MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
osv4.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.