Vulnerability Description
Web2py versions 2.14.5 and below are affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web2Py | Web2Py | <= 2.14.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-In (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/39821/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-4807?
CVE-2016-4807 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Web2py versions 2.14.5 and below are affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin).
How severe is CVE-2016-4807?
CVE-2016-4807 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-4807?
Check the references section above for vendor advisories and patch information. Affected products include: Web2Py Web2Py.