Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9407 | 1 Iblsoft | 1 Online Weather | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | |||||
CVE-2020-9406 | 1 Iblsoft | 1 Online Weather | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | |||||
CVE-2020-9405 | 1 Iblsoft | 1 Online Weather | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. |