CVE-2025-49185 — The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be exec — CVE Database · The Intelligence Room