CVE-2025-5015 Information

Description

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-06