CVE-2023-53919

Name of the Vulnerable Software and Affected Versions PodcastGenerator version 3.2.9

Description The software contains a stored cross-site scripting issue in the Freebox content field. This field is accessible through the theme customization interface, specifically the 'theme freebox.php' component. Injecting malicious JavaScript payloads into the Freebox content results in execution when users access the application’s home page.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input to the Freebox content field to prevent the injection of malicious scripts.