CVE-2025-70336
- EPSS 0.04%
- Veröffentlicht 28.01.2026 00:00:00
- Zuletzt bearbeitet 09.02.2026 18:50:09
A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload...
CVE-2023-53919
- EPSS 0.04%
- Veröffentlicht 17.12.2025 22:44:52
- Zuletzt bearbeitet 27.12.2025 17:15:43
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute...
CVE-2023-53920
- EPSS 0.04%
- Veröffentlicht 17.12.2025 22:44:52
- Zuletzt bearbeitet 27.12.2025 17:15:43
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when ...
CVE-2023-53918
- EPSS 0.04%
- Veröffentlicht 17.12.2025 22:44:51
- Zuletzt bearbeitet 27.12.2025 17:15:43
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when adm...
CVE-2023-53899
- EPSS 0.18%
- Veröffentlicht 16.12.2025 17:03:47
- Zuletzt bearbeitet 30.12.2025 18:42:03
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoi...
CVE-2018-20121
- EPSS 0.5%
- Veröffentlicht 21.03.2019 16:00:34
- Zuletzt bearbeitet 21.11.2024 04:00:53
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.