CVE-2016-4807: Web2py Reflected XSS vulnerability

May 17, 2022 (updated April 21, 2025)

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).

References

github.com/advisories/GHSA-pvcp-73cg-6f77
github.com/web2py/web2py
nvd.nist.gov/vuln/detail/CVE-2016-4807
www.exploit-db.com/exploits/39821

Code Behaviors & Features

Detect and mitigate CVE-2016-4807 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →