CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Web2py: >> Web2py >> 2.9.11 Security Vulnerabilities

CVE-2016-4807

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

CVSS Score

4.8

EPSS Score

0.005

Published

2017-01-11

CVE-2016-4808

Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.

CVSS Score

8.8

EPSS Score

0.002

Published

2017-01-11

Page 2

Vulnerabilities

Vulnerable Software

Web2py: >> Web2py >> 2.9.11 Security Vulnerabilities

Products

Pricing

Contact Us