CVE-2025-70336

A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:podcastgenerator:podcast_generator:3.2.9:*:*:*:*:*:*:*

History

17 Jun 2026, 10:03

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de cross-site scripting (XSS) almacenado en 'Create New Live Item' en PodcastGenerator 3.2.9 permite a atacantes remotos inyectar scripts o HTML arbitrarios a través de los parámetros 'TITLE', 'SHORT DESCRIPTION' y 'LONG DESCRIPTION'. La carga útil guardada se ejecuta en las páginas 'View All Live Items' y 'Live Stream'.

09 Feb 2026, 18:50

Type Values Removed Values Added
CPE cpe:2.3:a:podcastgenerator:podcast_generator:3.2.9:*:*:*:*:*:*:*
First Time Podcastgenerator podcast Generator
Podcastgenerator
References () https://github.com/PodcastGenerator/PodcastGenerator - () https://github.com/PodcastGenerator/PodcastGenerator - Product
References () https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336 - () https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336 - Third Party Advisory

29 Jan 2026, 18:16

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

28 Jan 2026, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-28 16:16

Updated : 2026-06-17 10:03


NVD link : CVE-2025-70336

Mitre link : CVE-2025-70336

CVE.ORG link : CVE-2025-70336


JSON object : View

Products Affected

podcastgenerator

  • podcast_generator
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')