Cross-Site Scripting Vulnerability in AccuWeather and Custom RSS Widget
CVE-2025-5015

8.8HIGH

Key Information:

Vendor: Parsons
Status: Parsons Utility Enterprise Data Management; Aclaraone Utility Portal
Vendor: CVE Published:; 25 June 2025

What is CVE-2025-5015?

A cross-site scripting vulnerability in the AccuWeather and Custom RSS widget allows an unauthenticated user to manipulate the RSS feed URL and inject malicious scripts. This exposes users to potential attacks, as malicious content can be executed in their browsers when they view the affected widget. Protection against such vulnerabilities is critical to ensure user safety and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AclaraONE Utility Portal 0 < 1.22

Parsons Utility Enterprise Data Management 5.18

Parsons Utility Enterprise Data Management 5.03

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
May 20, 2025

Credit

Joshua Dillon reported this vulnerability to CISA.

JSON

Parsons

What is CVE-2025-5015?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.