Vulnerabilities > Web2Py

DATE CVE VULNERABILITY TITLE RISK
2017-01-11 CVE-2016-4807 Cross-site Scripting vulnerability in Web2Py
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
network
web2py CWE-79
3.5
2017-01-11 CVE-2016-4806 Information Exposure vulnerability in Web2Py
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
network
low complexity
web2py CWE-200
5.0
2013-05-22 CVE-2013-2311 Cross-Site Scripting vulnerability in Web2Py
Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
web2py CWE-79
4.3