CVE-2023-53919

Description

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-17 | Updated 2025-12-30 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Mirabbas Ağalarov finder

References

www.exploit-db.com/exploits/51454 exploit

www.exploit-db.com/exploits/51454 (ExploitDB-51454) exploit

podcastgenerator.net/ (Official Product Webpage) product

www.vulncheck.com/...ite-scripting-via-freebox-content-field (VulnCheck Advisory: PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field) third-party-advisory

cve.org (CVE-2023-53919)

nvd.nist.gov (CVE-2023-53919)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.