CVE-2025-28860

Name of the Vulnerable Software and Affected Versions: PPDPurveyor Google News Editors Picks Feed Generator versions n/a through 2.1

Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of another user without their knowledge or consent, potentially leading to the execution of malicious scripts stored on the server.

Recommendations: For versions n/a through 2.1, update to a version that includes a fix for the CSRF vulnerability to prevent Stored XSS attacks. As a temporary workaround, consider disabling any functionality that may be exploited through CSRF until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.