Online Weather

online_weather

Vendor: Iblsoft • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-9407 1Iblsoft 1Online Weather Nov 21, 2024 Feb 26, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9406 1Iblsoft 1Online Weather Nov 21, 2024 Feb 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9405 1Iblsoft 1Online Weather Nov 21, 2024 Feb 26, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.