Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33146 | 1 Web2py | 1 Web2py | 2022-07-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2016-3954 | 1 Web2py | 1 Web2py | 2019-06-21 | 2.1 LOW | 5.5 MEDIUM |
| web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | |||||
| CVE-2015-6961 | 1 Web2py | 1 Web2py | 2017-10-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout. | |||||
| CVE-2016-4807 | 1 Web2py | 1 Web2py | 2017-01-11 | 3.5 LOW | 4.8 MEDIUM |
| Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | |||||