Vulnerabilities > Columbiaweather > Weather Microserver Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-18 | CVE-2018-18876 | Path Traversal vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | 5.3 |
| 2019-06-18 | CVE-2018-18875 | Cross-site Scripting vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | 5.4 |
| 2019-06-18 | CVE-2018-18880 | Cross-site Scripting vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | 5.4 |