CVE-2021-47968

EUVD-2021-34821
Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_description parameter. Attackers can inject script tags through episode creation or editing requests to execute arbitrary JavaScript when other users view the episode details.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
6.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
podcastgeneratorpodcast_generator
𝑥
< 3.1.1
CNA
Common Weakness Enumeration
References
https://podcastgenerator.net/demoV2/
https://podcastgenerator.net/download
https://www.exploit-db.com/exploits/49866
https://www.vulncheck.com/advisories/podcast-generator-persistent-cross-site-scripting-via-long-description