CVE-2025-70336

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

28/01/2026

Last modified:

28/01/2026

Description

A Stored cross-site scripting (XSS) vulnerability in &#39;Create New Live Item&#39; in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the &#39;TITLE&#39;, &#39;SHORT DESCRIPTION&#39; and &#39;LONG DESCRIPTION&#39; parameters. The saved payload gets executed on &#39;View All Live Items&#39; and &#39;Live Stream&#39; pages.

Impact

References to Advisories, Solutions, and Tools

https://github.com/PodcastGenerator/PodcastGenerator
https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336