Stored Cross-Site Scripting in PodcastGenerator by PodcastGenerator
CVE-2023-53919

5.1MEDIUM

Key Information:

Vendor

Podcastgenerator

Status
Podcastgenerator
Vendor
CVE Published:
17 December 2025

Badges

👾 Exploit Exists

What is CVE-2023-53919?

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability allowing malicious actors to inject harmful JavaScript payloads into the Freebox content field. This vulnerability is accessible through the theme customization interface (theme_freebox.php) and can lead to the execution of these payloads when users visit the application's home page, potentially compromising user data and experience. It is essential for users of affected versions to apply patches or updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

PodcastGenerator 3.2.9

References

https://www.exploit-db.com/exploits/51454
exploit
https://podcastgenerator.net/
product
https://www.vulncheck.com/advisories/podcastgenerator-sto...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mirabbas Ağalarov
JSON
.
CVE-2023-53919 : Stored Cross-Site Scripting in PodcastGenerator by PodcastGenerator