CVE-2016-4807

Опубликовано: 11 янв. 2017

Источник: debian

Описание

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

Пакеты

Пакет	Статус	Релиз	Тип
web2py	removed		package
web2py	ignored	jessie	package
web2py	no-dsa	wheezy	package

Примечания

https://github.com/web2py/web2py/issues/1585
https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1

Связанные уязвимости

CVE-2016-4807

CVSS3: 4.8

ubuntu

около 9 лет назад

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

CVE-2016-4807

CVSS3: 4.8

nvd

около 9 лет назад

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

GHSA-pvcp-73cg-6f77

CVSS3: 4.8

github

больше 3 лет назад

Web2py Reflected XSS vulnerability