exploitDog

CVE-2025-5015

Опубликовано: 25 июн. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-06

EPSS

Процентиль: 34%

0.00138

Низкий

8.8 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8g2c-p8rg-v47g

CVSS3: 8.8

github

8 месяцев назад

A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.

EPSS

Процентиль: 34%

0.00138

Низкий

8.8 High

CVSS3

Дефекты

CWE-79