IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
6.1CVSS
6AI Score
0.001EPSS
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
9.8CVSS
9.6AI Score
0.022EPSS
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
5.3CVSS
5AI Score
0.001EPSS