Vulnerabilities > Iblsoft

DATE CVE VULNERABILITY TITLE RISK
2020-02-26 CVE-2020-9407 Cleartext Storage of Sensitive Information vulnerability in Iblsoft Online Weather
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
network
low complexity
iblsoft CWE-312
5.3
2020-02-26 CVE-2020-9406 Code Injection vulnerability in Iblsoft Online Weather
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
network
low complexity
iblsoft CWE-94
critical
9.8
2020-02-26 CVE-2020-9405 Cross-site Scripting vulnerability in Iblsoft Online Weather
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
network
low complexity
iblsoft CWE-79
6.1