Podcast Generator Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Podcast Generator version 3.1. This vulnerability allows authenticated attackers to inject unfiltered JavaScript into the 'long_description' parameter while creating or editing episodes. The injected scripts are executed when other users view the episode details.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, where injected scripts are executed in the context of the user viewing the episode.

Reproduction

To reproduce this vulnerability, log into an admin account and navigate to the episode creation or editing interface. In the 'Long Description' field, enter a script tag containing JavaScript code, such as a `prompt()` call. After saving the episode, the injected script will execute when the episode details are viewed.
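The fix for this class of bug is to encode the stored value when it is written into the page. The following is an added example, not Podcast Generator's own code: it assumes the long description is meant to be displayed as plain text, and the `$episode` array and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical episode record as it might come back from storage after an
// authenticated user saved it. The description is constructed sample input
// matching the reproduction above (a script tag containing a prompt() call).
$episode = [
    'title'            => 'Episode 12',
    'long_description' => "Show notes\n<script>prompt(1)</script>",
];

// Vulnerable pattern: the stored value is concatenated into the page
// unchanged, so the browser parses the <script> element for every viewer.
function render_description_unsafe(array $episode): string
{
    return '<div class="episode-description">'
        . $episode['long_description']
        . '</div>';
}

// Hardened pattern: encode at output time for the HTML body context.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making the function return an empty string.
function render_description_safe(array $episode): string
{
    $text = htmlspecialchars(
        (string) ($episode['long_description'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    // nl2br() runs after encoding, so the only markup it introduces is <br>.
    return '<div class="episode-description">' . nl2br($text, false) . '</div>';
}

// Print both renderings: the first still carries a live script element,
// the second carries the same characters as inert, encoded text.
echo render_description_unsafe($episode), PHP_EOL;
echo render_description_safe($episode), PHP_EOL;
```

Encoding on output covers episodes that were already stored with markup in them, which filtering only at save time would not.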

Added: May 15, 2026, 7:40 PM
Updated: May 15, 2026, 7:40 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 1.7
exploitability: 6.5
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.