← Back

Podcastgenerator

podcastgenerator

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Podcast Generator
podcast_generator
6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-70336
1Podcastgenerator
1Podcast Generator
Feb 9, 2026
Jan 28, 2026
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION'...Show more
A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.Show less
CVE-2023-53920
1Podcastgenerator
1Podcast Generator
Dec 27, 2025
Dec 17, 2025
5.1 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into t...Show more
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page.Show less
CVE-2023-53919
1Podcastgenerator
1Podcast Generator
Dec 27, 2025
Dec 17, 2025
5.1 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected in...Show more
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page.Show less
CVE-2023-53918
1Podcastgenerator
1Podcast Generator
Dec 27, 2025
Dec 17, 2025
5.1 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into e...Show more
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page (episodes_list.php).Show less
CVE-2023-53899
1Podcastgenerator
1Podcast Generator
Apr 29, 2026
Dec 16, 2025
5.1 MEDIUM· v4
9.8 CRITICAL· v3
N/A· v2
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTT...Show more
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.Show less
CVE-2018-20121
1Podcastgenerator
1Podcast Generator
Nov 21, 2024
Mar 21, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.