Primary

Context

PodcastGenerator Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in PodcastGenerator version 3.2.9. This issue resides in the podcast title field within the podcast details interface. Malicious JavaScript injected into the title executes when users access the application's home page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, navigate to the 'Podcast Details' section and select 'Change Podcast Details'. Inject a script payload, such as an image tag with an 'onerror' event or a 'svg' tag with an 'onload' event, into the podcast title field. After saving the changes, the injected script will execute when the home page is visited.

Added: Dec 17, 2025, 11:37 PM

Updated: Dec 17, 2025, 11:37 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.6

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PodcastGenerator Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

PodcastGenerator

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating