CVE-2025-70336

Published: Jan 28, 2026Modified: Feb 9, 2026

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.

Affected (1)

Products: Podcastgenerator: Podcast Generator

Podcastgenerator

1 product

Podcast Generator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Podcastgenerator Podcast Generator	Version 3.2.9

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/PodcastGenerator/PodcastGenerator

Source: cve@mitre.org

Product

https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.