PT-2020-20637 · Ibl · Ibl Online Weather
Dawid Czarnecki · Published 2020-02-25 · Updated 2023-09-28 · CVE-2020-9405
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBL Online Weather versions prior to 4.3.5a
Description
The redirect page is vulnerable to reflected XSS that can be triggered without authentication. This can lead to execution of a malicious script in the victim's browser; per the CVSS vector, user interaction is required (UI:R).
Recommendations
For versions prior to 4.3.5a, update to version 4.3.5a or later to resolve the issue. As a temporary workaround, consider restricting access to the redirect page until a patch is applied. Avoid using the redirect page in sensitive operations until the issue is resolved.
Fix
XSS
Affected Products
Ibl Online Weather