Primary

Context

PodcastGenerator Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in PodcastGenerator version 3.2.9. This issue resides in the Freebox content field, which is accessible through the theme customization interface. Malicious JavaScript payloads injected into this field are executed when users visit the application's home page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, navigate to the 'Themes and aspect' section and select 'Customize your Freebox'. Inject a script payload into the Freebox content field and save the changes. The injected script will execute when the home page is visited.

Added: Dec 17, 2025, 11:38 PM

Updated: Dec 17, 2025, 11:38 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PodcastGenerator Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

PodcastGenerator

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating