Critical severity9.8OSV Advisory· Published Dec 16, 2025· Updated Apr 29, 2026

CVE-2023-53899

Description

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

Affected products

Albertobeta/PodcastgeneratorOSV
Range: 2.5, 2.6, 2.7, …
Podcast Generator/Podcast Generator
cpe:2.3:a:podcastgenerator:podcast_generator:3.2.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51565nvdExploitThird Party AdvisoryVDB Entry
www.vulncheck.com/advisories/podcastgenerator-blind-server-side-request-forgery-via-xml-injectionnvdThird Party Advisory
podcastgenerator.netnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000