Podcastgenerator · Podcast Generator · CVE-2021-47968
**Name of the Vulnerable Software and Affected Versions**
Podcast Generator version 3.1
**Description**
An issue exists where authenticated attackers can perform persistent cross-site scripting (XSS), a technique where malicious scripts are permanently stored on a target server. This occurs by submitting unfiltered JavaScript code through the `long description` parameter during episode creation or editing requests. The injected script tags execute arbitrary JavaScript when other users view the episode details.
**Recommendations**
As a temporary workaround, avoid using the `long description` parameter in episode creation or editing until a fix is applied.