CVE-2016-4807

Published: 11/01/2017 Updated: 11/01/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows a malicious user to perform an XSS attack on a logged-in user (admin).

Vulnerable Product

web2py web2py

Vendor Advisories

Debian Bug report logs - #856127 web2py: CVE-2016-4806 CVE-2016-4807 CVE-2016-4808
Package: web2py; Maintainer for web2py is José L Redrejo Rodríguez <jredrejo@debian.org>; Reported by: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 25 Feb 2017 12:57:02 UTC
Severity: important
Tags: security, upstream
Fixed in ...

Exploits

Title - Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS, CSRF
# Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS, CSRF
# Reported Date : 2-April-2016
# Fixed Date : 4-April-2016
# Exploit Author : Narendra Bhati - www.exploit-db.com/author/?a=7638
# CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016- ...

Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities ...