VYPR

Online Weather

by IBL

CVEs (3)

  • CVE-2020-9406CriFeb 26, 2020
    risk 0.64cvss 9.8epss 0.01

    IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.

  • CVE-2020-9405MedFeb 26, 2020
    risk 0.40cvss 6.1epss 0.01

    IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.

  • CVE-2020-9407MedFeb 26, 2020
    risk 0.34cvss 5.3epss 0.01

    IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.