26 matches found
CVE-2025-70336
A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
CVE-2025-70336
A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
CVE-2025-70336
A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
CVE-2025-70336
PodcastGenerator 3.2.9 contains a stored XSS vulnerability in the Create New Live Item workflow. Attackers can inject script/HTML via TITLE, SHORT DESCRIPTION, or LONG DESCRIPTION; the payload is executed on the View All Live Items and Live Stream pages. The issue is confirmed across multiple fee...
CVE-2025-70336
A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
CVE-2023-53918
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
EUVD-2023-60212
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53918
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919 PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface themefreebox.php. Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page...
CVE-2023-53919
CVE-2023-53919 affects PodcastGenerator 3.2.9, with a stored cross-site scripting flaw in the Freebox content field via the theme_freebox.php interface. Attacker-supplied JavaScript placed in Freebox content can execute when users visit the home page. Public documentation confirms the issue and p...
CVE-2023-53920
CVE-2023-53920 concerns PodcastGenerator 3.2.9, with a stored cross-site scripting (XSS) vulnerability in the podcast title field exposed via the podcast_details.php interface. The malicious payloads injected into the podcast title can execute when users visit the application’s home page, indicat...
CVE-2023-53918 PodcastGenerator Stored Cross-Site Scripting via Episode Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...
CVE-2023-53918
PodcastGenerator 3.2.9 is affected by a stored cross-site scripting (XSS) flaw in the episode title field. The vulnerability arises when titles are submitted via the episodes_upload.php interface and is triggered when administrators load episodes_list.php, where injected JavaScript can execute in...
CVE-2023-53899
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...
CVE-2023-53899
PodcastGenerator 3.2.9 is affected by a blind server-side request forgery via XML injection in the episode upload form, exploitable by manipulating the shortdesc parameter to trigger external HTTP requests to arbitrary endpoints during episode creation. The issue is concrete across multiple advis...
EUVD-2023-60191
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation...
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Vulnerability
Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Application: PodcastGenerator Version: v3.2.9 Bugs: Blind SSRF via XML Injection Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found:...