HIGH
Parsons
CVE published 2025-06-24
CVE-2025-5015
CVE-2025-5015 is a high-severity cross-site scripting issue in the AccuWeather and Custom RSS widget used by Parsons/Aclara utility portal deployments. According to the CISA CSAF advisory, an unauthenticated user can replace the RSS feed URL with a malicious one, creating a path to script execution in a victim’s browser. The advisory lists multiple affected product versions and distinguishes between manag [truncated]