Vulnerabilities > Web2Py > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2023-22432 | Open Redirect vulnerability in Web2Py Open redirect vulnerability exists in web2py versions prior to 2.23.1. | 6.1 |
| 2022-06-27 | CVE-2022-33146 | Open Redirect vulnerability in Web2Py Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | 6.1 |
| 2018-02-06 | CVE-2016-3954 | Information Exposure vulnerability in Web2Py web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. | 5.5 |
| 2017-10-18 | CVE-2015-6961 | Open Redirect vulnerability in Web2Py 2.9.11 Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout. | 6.1 |
| 2017-01-11 | CVE-2016-4807 | Cross-site Scripting vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | 4.8 |