Vulnerabilities (CVE)

Filtered by vendor Iblsoft Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9407 1 Iblsoft 1 Online Weather 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9406 1 Iblsoft 1 Online Weather 2024-11-21 7.5 HIGH 9.8 CRITICAL
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9405 1 Iblsoft 1 Online Weather 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.