CVE-2013-2311
medium
CVSS v3
-
CVSS v4
-
VIR risk
4.3
Description
Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| web2py | web2py | <= 2.2.1 | |
| web2py | web2py | 1.16.0 | |
| web2py | web2py | 1.17.0 | |
| web2py | web2py | 1.18.0 | |
| web2py | web2py | 1.19.0 | |
| web2py | web2py | 1.20.0 | |
| web2py | web2py | 1.21.0 | |
| web2py | web2py | 1.22.0 | |
| web2py | web2py | 1.23.0 | |
| web2py | web2py | 1.24.0 | |
| web2py | web2py | 1.25.0 | |
| web2py | web2py | 1.26.0 | |
| web2py | web2py | 1.27.0 | |
| web2py | web2py | 1.28.0 | |
| web2py | web2py | 1.29.0 | |
| web2py | web2py | 1.30.0 | |
| web2py | web2py | 1.31.0 | |
| web2py | web2py | 1.40.0 | |
| web2py | web2py | 1.41.0 | |
| web2py | web2py | 1.42.0 | |
| web2py | web2py | 1.43.0 | |
| web2py | web2py | 1.44.0 | |
| web2py | web2py | 1.45.0 | |
| web2py | web2py | 1.46.0 | |
| web2py | web2py | 1.47.0 | |
| web2py | web2py | 1.48.0 | |
| web2py | web2py | 1.49.0 | |
| web2py | web2py | 1.50.0 | |
| web2py | web2py | 1.51.0 | |
| web2py | web2py | 1.52.0 | |
| web2py | web2py | 1.53.0 | |
| web2py | web2py | 1.54.0 | |
| web2py | web2py | 1.55.0 | |
| web2py | web2py | 1.56.0 | |
| web2py | web2py | 1.56.1 | |
| web2py | web2py | 1.56.2 | |
| web2py | web2py | 1.56.3 | |
| web2py | web2py | 1.56.4 | |
| web2py | web2py | 1.57.0 | |
| web2py | web2py | 1.58.0 | |
| web2py | web2py | 1.59.0 | |
| web2py | web2py | 1.60.0 | |
| web2py | web2py | 1.61.0 | |
| web2py | web2py | 1.62.0 | |
| web2py | web2py | 1.63.0 | |
| web2py | web2py | 1.63.1 | |
| web2py | web2py | 1.63.2 | |
| web2py | web2py | 1.63.3 | |
| web2py | web2py | 1.63.4 | |
| web2py | web2py | 1.63.5 | |
| web2py | web2py | 1.64.0 | |
| web2py | web2py | 1.64.2 | |
| web2py | web2py | 1.64.3 | |
| web2py | web2py | 1.64.4 | |
| web2py | web2py | 1.65.0 | |
| web2py | web2py | 1.65.1 | |
| web2py | web2py | 1.65.2 | |
| web2py | web2py | 1.65.3-10 | |
| web2py | web2py | 1.65.11 | |
| web2py | web2py | 1.65.12 | |
| web2py | web2py | 1.65.13 | |
| web2py | web2py | 1.66.0 | |
| web2py | web2py | 1.67.0 | |
| web2py | web2py | 1.67.1 | |
| web2py | web2py | 1.67.2 | |
| web2py | web2py | 1.68.1 | |
| web2py | web2py | 1.68.2 | |
| web2py | web2py | 1.69.1 | |
| web2py | web2py | 1.70.1 | |
| web2py | web2py | 1.71.1 | |
| web2py | web2py | 1.72.1 | |
| web2py | web2py | 1.72.3 | |
| web2py | web2py | 1.73.1 | |
| web2py | web2py | 1.74.1 | |
| web2py | web2py | 1.74.2-4 | |
| web2py | web2py | 1.74.5 | |
| web2py | web2py | 1.74.6 | |
| web2py | web2py | 1.74.7 | |
| web2py | web2py | 1.74.8 | |
| web2py | web2py | 1.74.9 | |
| web2py | web2py | 1.75.1 | |
| web2py | web2py | 1.75.2 | |
| web2py | web2py | 1.75.3 | |
| web2py | web2py | 1.75.4 | |
| web2py | web2py | 1.75.5 | |
| web2py | web2py | 1.76.1 | |
| web2py | web2py | 1.76.2 | |
| web2py | web2py | 1.76.3 | |
| web2py | web2py | 1.76.4 | |
| web2py | web2py | 1.76.5 | |
| web2py | web2py | 1.77.1 | |
| web2py | web2py | 1.77.2 | |
| web2py | web2py | 1.77.3 | |
| web2py | web2py | 1.78.1 | |
| web2py | web2py | 1.78.3 | |
| web2py | web2py | 1.79.1 | |
| web2py | web2py | 1.79.2 | |
| web2py | web2py | 1.80.1 | |
| web2py | web2py | 1.81.1 | |
| web2py | web2py | 1.81.2 | |
| web2py | web2py | 1.81.3 | |
| web2py | web2py | 1.81.4 | |
| web2py | web2py | 1.81.5 | |
| web2py | web2py | 1.82.1 | |
| web2py | web2py | 1.83.1 | |
| web2py | web2py | 1.83.2 | |
| web2py | web2py | 1.84.1 | |
| web2py | web2py | 1.84.4 | |
| web2py | web2py | 1.85.1 | |
| web2py | web2py | 1.85.3 | |
| web2py | web2py | 1.86.1 | |
| web2py | web2py | 1.86.3 | |
| web2py | web2py | 1.87.1 | |
| web2py | web2py | 1.87.2 | |
| web2py | web2py | 1.87.3 | |
| web2py | web2py | 1.88.1 | |
| web2py | web2py | 1.89.1 | |
| web2py | web2py | 1.89.5 | |
| web2py | web2py | 1.90.1 | |
| web2py | web2py | 1.90.2 | |
| web2py | web2py | 1.90.4 | |
| web2py | web2py | 1.90.5 | |
| web2py | web2py | 1.90.6 | |
| web2py | web2py | 1.91.1 | |
| web2py | web2py | 1.91.2 | |
| web2py | web2py | 1.91.5 | |
| web2py | web2py | 1.91.6 | |
| web2py | web2py | 1.92.1 | |
| web2py | web2py | 1.93.1 | |
| web2py | web2py | 1.93.2 | |
| web2py | web2py | 1.94.1 | |
| web2py | web2py | 1.94.2 | |
| web2py | web2py | 1.94.3 | |
| web2py | web2py | 1.94.4 | |
| web2py | web2py | 1.94.5 | |
| web2py | web2py | 1.94.6 | |
| web2py | web2py | 1.95.1 | |
| web2py | web2py | 1.96.1 | |
| web2py | web2py | 1.96.2 | |
| web2py | web2py | 1.96.4 | |
| web2py | web2py | 1.97.1 | |
| web2py | web2py | 1.98.1 | |
| web2py | web2py | 1.98.2 | |
| web2py | web2py | 1.99.1 | |
| web2py | web2py | 1.99.2 | |
| web2py | web2py | 1.99.3 | |
| web2py | web2py | 1.99.4 | |
| web2py | web2py | 1.99.5 | |
| web2py | web2py | 1.99.7 | |
| web2py | web2py | 2.0.1-11 | |
| web2py | web2py | 2.1.0 | |
References
- http://jvn.jp/en/jp/JVN10461119/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000040
- https://groups.google.com/group/web2py/msg/ca10dffa2f0b2731?dmode=source&output=gplain
CWEs
CWE-79