- Description
- A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- ics-cert@hq.dhs.gov
- CWE-79
- Hype score
- Not currently trending
CVE-2025-5015 A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious on… https://t.co/fcCgzbwcRc
@CVEnew
25 Jun 2025
308 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-5015: HIGH] A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.#cve,CVE-2025-5015,#cybersecurity https://t.co/9fIGRd9JEL https://t.co/t6Ea3XfgtW
@CveFindCom
25 Jun 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Don't let your widgets be the weak link! CVE-2025-5015 reveals a nasty XSS vulnerability in popular weather and RSS tools. Who knew the forecast could rain on your security parade? ☔️ #WindowsForum #CyberSecurity #XSS https://t.co/3jwGhbfuNM
@windowsforum
24 Jun 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes