CVE-2023-53899

medium

Description

PodcastGenerator 3.2.9 contains a blind server-side request forgery (SSRF) vulnerability caused by XML injection in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

References

https://www.vulncheck.com/advisories/podcastgenerator-blind-server-side-request-forgery-via-xml-injection

https://www.exploit-db.com/exploits/51565

https://podcastgenerator.net/

https://github.com/PodcastGenerator/PodcastGenerator

Details

Source: Mitre, NVD

Published: 2025-12-16

Updated: 2025-12-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Severity: Medium