Vulnerabilities > Web2Py > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-06 | CVE-2016-3952 | Credentials Management vulnerability in Web2Py web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. | 2.1 |
| 2018-02-06 | CVE-2016-3954 | Information Exposure vulnerability in Web2Py web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. | 2.1 |
| 2017-01-11 | CVE-2016-4807 | Cross-site Scripting vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | 3.5 |