CVE-2025-70336

MEDIUM

4.8

Description

A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.

CVE Details

CVSS v3.1 Score4.8

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionREQUIRED

Published1/28/2026

Last Modified2/9/2026

Sourcenvd

Honeypot Sightings0

Affected Products

podcastgenerator:podcast_generator

Weaknesses (CWE)

CWE-79

References

https://github.com/PodcastGenerator/PodcastGenerator(cve@mitre.org)

https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.