Iblsoft: Security Vulnerabilities
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVSS Score
5.8
EPSS Score
0.007
Published
2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVSS Score
9.0
EPSS Score
0.009
Published
2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVSS Score
3.1
EPSS Score
0.003
Published
2020-02-26