CVE-2023-53918

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53918

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53918.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53918

Published

2025-12-17T23:15:50.610Z

Modified

2025-12-29T04:43:57.322618Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodesupload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page (episodeslist.php).

References

Affected packages

Git / github.com/albertobeta/podcastgenerator

Affected ranges

Type: GIT
Repo: https://github.com/albertobeta/podcastgenerator
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

cc1f09cfd6845436ab3cdff20b6be9ca62a902a4

Affected versions

2.*

2.5

2.6

2.7

v2.*

v2.5

v2.6

v2.7

v3.*

v3.0

v3.1

v3.2

v3.2.0-beta

v3.2.0-beta.2

v3.2.0-beta.3

v3.2.0-rc

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53918.json"