PodcastGenerator
cpe:2.3:a:podcastgenerator:podcast_generator:*:*:*:*:*:*:*
- 3.2.9
A stored cross-site scripting vulnerability has been identified in PodcastGenerator version 3.2.9. This issue allows authenticated administrators to inject arbitrary HTML or JavaScript into the 'Create New Live Item' page. The injected payload is executed without proper output encoding on the 'View All Live Items' and 'Live Stream' pages, impacting both public users and administrators.
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the browsers of unauthenticated visitors on the public Live Stream page, or administrators on the Live Items listing page. This could lead to session hijacking, theft of non-HttpOnly cookies, DOM data exfiltration, website defacement, or redirection and phishing attacks.
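The missing output encoding described above, shown as an added example that is not PodcastGenerator's own code: a hypothetical live-item renderer in PHP with and without encoding, plus a heuristic scan for stored values that already contain markup. The function names, the `title` field and the sample items are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names; not taken from PodcastGenerator.

// Encode a stored value for HTML element and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the stored value is concatenated into markup as-is.
function renderLiveItemUnencoded(array $item): string
{
    return '<li title="' . $item['title'] . '">' . $item['title'] . '</li>';
}

// "After": the same markup, with every stored value encoded at output time.
function renderLiveItemEncoded(array $item): string
{
    return '<li title="' . e($item['title']) . '">' . e($item['title']) . '</li>';
}

// Heuristic audit: list stored fields that look like tags or event-handler
// attributes, so records saved before the fix can be reviewed and cleaned.
function findSuspectFields(array $items): array
{
    $suspect = [];
    foreach ($items as $id => $item) {
        foreach ($item as $field => $value) {
            if (is_string($value) && preg_match('/<[a-z!\/]|\bon\w+\s*=/i', $value)) {
                $suspect[] = $id . '.' . $field;
            }
        }
    }
    return $suspect;
}

// Constructed sample records (not real data).
$items = [
    1 => ['title' => 'Weekly show, episode 12'],
    2 => ['title' => '<script>marker()</script>'],
    3 => ['title' => '" onfocus="marker()'],
];

foreach ($items as $item) {
    $html = renderLiveItemEncoded($item);
    if (stripos($html, '<script') !== false || substr_count($html, '"') !== 2) {
        throw new RuntimeException('stored value escaped its HTML context');
    }
}
print_r(findSuspectFields($items)); // lists 2.title and 3.title
```

Encoding belongs at output on both the Live Items listing and the Live Stream page; the scan only helps locate records stored before the fix and is not a substitute for encoding.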