CVE-2016-4807
Published 2017-01-11
CVE-2016-4807: Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin).
Priority P425 · medium · 4.8 · CVSS 3.0
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.28% (81.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| web2py | web2py | <= 2.14.5 | — |
| web2py | web2py | 0 – 2.14.5 | — |
CVSS provenance
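| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 4.8 | MEDIUM | — |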
OSV
Web2py Reflected XSS vulnerability
osv·2022-05-17
CVE-2016-4807 [MEDIUM] Web2py Reflected XSS vulnerability
Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin).
GHSA
Web2py Reflected XSS vulnerability
ghsa·2022-05-17
CVE-2016-4807 [MEDIUM] CWE-79 Web2py Reflected XSS vulnerability
Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin).
OSV
CVE-2016-4807: Web2py versions 2
osv·2017-01-11·CVSS 4.8
CVE-2016-4807 [MEDIUM] CVE-2016-4807: Web2py versions 2
Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin).
No detection rules found.
No writeups or analysis indexed.
Published: 2017-01-11