PT-2026-41347 · Podcastgenerator · Podcast Generator
Ayşenur Karaaslan · Published 2026-05-15 · Updated 2026-05-15 · CVE-2021-47968
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Podcast Generator version 3.1
Description
An issue exists where authenticated attackers can perform persistent cross-site scripting (XSS), a technique where malicious scripts are permanently stored on a target server. This occurs by submitting unfiltered JavaScript code through the long description parameter during episode creation or editing requests. The injected script tags execute arbitrary JavaScript when other users view the episode details.
Recommendations
As a temporary workaround, avoid using the long description parameter in episode creation or editing until a fix is applied.
Exploit
Fix
XSS
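An added example, not Podcast Generator's own code and not part of the advisory: output encoding of a stored long description at render time, shown beside the vulnerable pattern, plus a check for auditing values already in storage. It is written in PHP, the language the application is written in; the function names, CSS class and sample strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; this is not Podcast Generator's own code.

/** Vulnerable pattern: the stored text is written into the page unchanged. */
function renderLongDescriptionUnsafe(string $stored): string
{
    return '<div class="episode-long-desc">' . $stored . '</div>';
}

/** Hardened pattern: HTML-encode at output time, then restore line breaks. */
function renderLongDescriptionSafe(string $stored): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    // nl2br runs after encoding, so the only markup in the output is <br>.
    return '<div class="episode-long-desc">' . nl2br($encoded, false) . '</div>';
}

/** Audit helper: true if a stored value contains something a browser would parse as a tag. */
function containsActiveMarkup(string $stored): bool
{
    return preg_match('/<\s*[a-z!\/]/i', $stored) === 1;
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'benign' => "Episode 12: interview notes\nRecorded live, 5 < 7 listeners asked questions.",
    'markup' => 'Show notes <script>alert(1)</script>',
];

foreach ($samples as $label => $stored) {
    printf("[%s] flagged=%s\n", $label, containsActiveMarkup($stored) ? 'yes' : 'no');
    printf("  unsafe: %s\n", renderLongDescriptionUnsafe($stored));
    printf("  safe:   %s\n", renderLongDescriptionSafe($stored));
}
```

Encoding at output rather than only filtering at input also neutralizes entries that were stored before any fix was deployed; the audit helper can be run over existing episode records to find those entries.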
Weakness Enumeration
Related Identifiers
Affected Products
Podcast Generator