Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
{ "github_reviewed_at": "2025-04-21T22:52:15Z", "severity": "MODERATE", "nvd_published_at": "2017-01-11T16:59:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }