Skip to main content

Web2Py

9 CVEs product

Monthly

CVE-2023-45158 CRITICAL PATCH Act Now

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Web2Py
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-22432 PyPI MEDIUM POC PATCH This Month

Open redirect vulnerability exists in web2py versions prior to 2.23.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Web2Py
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-33146 PyPI MEDIUM PATCH This Month

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2015-6961 MEDIUM PATCH This Month

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10321 PyPI CRITICAL PATCH Act Now

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Web2Py
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-4808 PyPI HIGH POC PATCH This Week

Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Web2Py
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-4807 PyPI MEDIUM POC This Month

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web2Py
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.4%
CVE-2016-4806 HIGH POC This Week

Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web2Py
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
6.7%
CVE-2013-2311 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Web2Py
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Web2Py
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

Open redirect vulnerability exists in web2py versions prior to 2.23.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Web2Py
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Web2Py
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Web2Py
NVD Exploit-DB
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web2Py
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH POC This Week

Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web2Py
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Web2Py
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy