Vulnerabilities > Web2Py
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-11 | CVE-2016-4807 | Cross-site Scripting vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | 4.8 |
2017-01-11 | CVE-2016-4806 | Information Exposure vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | 7.5 |