Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an malicious user to perform an XSS attack on logged in user (admin).
web2py web2py