Meteocontrol

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4504 1Meteocontrol 1Weblog May 13, 2026 Mar 21, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per fun...Show more A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.Show less
CVE-2016-2298 1Meteocontrol 4Web'log Basic 100 Web'log LightWeb'log Pro+1 more May 6, 2026 May 14, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
CVE-2016-2297 1Meteocontrol 4Web'log Basic 100 Web'log LightWeb'log Pro+1 more May 6, 2026 May 14, 2016 N/A· v4 9.4 CRITICAL· v3 9.7 HIGH· v2 Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
CVE-2016-2296 1Meteocontrol 4Web'log Basic 100 Web'log LightWeb'log Pro+1 more May 6, 2026 May 14, 2016 N/A· v4 9.4 CRITICAL· v3 7.5 HIGH· v2 Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vec...Show more Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.Show less