← Back

Iblsoft

iblsoft

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Online Weather
online_weather
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-9407
1Iblsoft
1Online Weather
Nov 21, 2024
Feb 26, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9406
1Iblsoft
1Online Weather
Nov 21, 2024
Feb 26, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9405
1Iblsoft
1Online Weather
Nov 21, 2024
Feb 26, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.