VYPR
Vendor

Albertobeta

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2023-53899CriDec 16, 2025
    risk 0.64cvss 9.8epss 0.00

    PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode…

  • CVE-2021-47968MedMay 15, 2026
    risk 0.42cvss 6.4epss 0.00

    Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_description parameter. Attackers can inject script tags through episode creation or editing…

  • CVE-2025-70336Jan 28, 2026
    risk 0.00cvss epss 0.00

    A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All…

  • CVE-2023-53920Dec 17, 2025
    risk 0.00cvss epss 0.00

    PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when users visit the application's…

  • CVE-2023-53919Dec 17, 2025
    risk 0.00cvss epss 0.00

    PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the…

  • CVE-2023-53918Dec 17, 2025
    risk 0.00cvss epss 0.00

    PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes…

  • CVE-2018-20121Mar 17, 2019
    risk 0.00cvss epss 0.02

    Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.