PodcastGenerator 3.2.9 contains a blind server-side... · CVE-2023-53899 · GitHub Advisory Database · GitHub

PodcastGenerator 3.2.9 contains a blind server-side...

Low severity Unreviewed Published Dec 16, 2025 to the GitHub Advisory Database • Updated Dec 16, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

References

Published by the National Vulnerability Database

Dec 16, 2025

Published to the GitHub Advisory Database Dec 16, 2025

Last updated Dec 16, 2025