Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9406 | 1 Iblsoft | 1 Online Weather | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | |||||
| CVE-2020-9407 | 1 Iblsoft | 1 Online Weather | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | |||||
| CVE-2020-9405 | 1 Iblsoft | 1 Online Weather | 2020-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. | |||||