Stored Cross-Site Scripting Vulnerability in Podcast Generator by Alberto Beta
CVE-2018-20121

6.1MEDIUM

Key Information:

Vendor

Podcastgenerator

Status
Podcast Generator
Vendor
CVE Published:
21 March 2019

What is CVE-2018-20121?

Podcast Generator version 2.7 contains a stored cross-site scripting vulnerability that can be exploited through the 'addcategory' URL parameter. This allows attackers to inject malicious scripts into web pages viewed by other users. When exploited, these scripts can execute in the context of the application, leading to unauthorized actions, data theft, or other malicious activities. Users of the Podcast Generator should immediately review their configurations and consider implementing security measures to mitigate potential risks.

References

http://packetstormsecurity.com/files/151333/Podcast-Gener...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jan/63
x_refsource_MISC
https://github.com/albertobeta/PodcastGenerator/commits/m...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.