PT-2025-51956 · Unknown · Podcast Generator

Mirabbas Ağalarov · Published 2025-12-17 · Updated 2025-12-20 · CVE-2023-53918

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PodcastGenerator version 3.2.9

Description: PodcastGenerator version 3.2.9 has a stored cross-site scripting issue. A malicious JavaScript payload can be injected into the episode title field through the episodes upload interface, specifically via the episodes_upload.php page. When administrators view the episodes list page (episodes_list.php), the injected JavaScript executes. The vulnerable field is the episode title.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the episode title field to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-53918

Affected Products: Podcast Generator