TROYANOSYVIRUS
Volver a CVEs

CVE-2025-70336

MEDIUM
4.8

Descripcion

A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.

Detalles CVE

Puntuacion CVSS v3.14.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado1/28/2026
Ultima modificacion2/9/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

podcastgenerator:podcast_generator

Debilidades (CWE)

CWE-79

Referencias

https://github.com/PodcastGenerator/PodcastGenerator(cve@mitre.org)
https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.