Skip to main content

Online Weather

3 CVEs product

Monthly

CVE-2020-9407 MEDIUM This Month

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Online Weather
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-9406 CRITICAL Act Now

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Online Weather
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-9405 MEDIUM This Month

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Online Weather
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
EPSS 1% CVSS 5.3
MEDIUM This Month

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Online Weather
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Online Weather
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Online Weather
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy