Vulnerabilities > Web2Py

DATE CVE VULNERABILITY TITLE RISK
2017-01-11 CVE-2016-4807 Cross-site Scripting vulnerability in Web2Py
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
network
low complexity
web2py CWE-79
4.8
2017-01-11 CVE-2016-4806 Information Exposure vulnerability in Web2Py
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
network
low complexity
web2py CWE-200
7.5