Online Weather
by IBL
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9406 | Cri | 0.64 | 9.8 | 0.01 | Feb 26, 2020 | IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | ||
| CVE-2020-9405 | Med | 0.40 | 6.1 | 0.01 | Feb 26, 2020 | IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. | ||
| CVE-2020-9407 | Med | 0.34 | 5.3 | 0.01 | Feb 26, 2020 | IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. |
- risk 0.64cvss 9.8epss 0.01
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
- risk 0.40cvss 6.1epss 0.01
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
- risk 0.34cvss 5.3epss 0.01
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.