CVE-2021-47968

MEDIUM

Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47968. PoCs published by Ayşenur KARAASLAN.

AI-analyzed exploit summary This is a functional proof-of-concept for a persistent XSS vulnerability in Podcast Generator 3.1. The exploit demonstrates how an attacker can inject malicious JavaScript into the 'long_description' field, which is then executed when a user views the episode details.

Description

Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_description parameter. Attackers can inject script tags through episode creation or editing requests to execute arbitrary JavaScript when other users view the episode details.

Exploits (1)

exploitdb WORKING POC
by Ayşenur KARAASLAN · textwebappsphp
https://www.exploit-db.com/exploits/49866

This is a functional proof-of-concept for a persistent XSS vulnerability in Podcast Generator 3.1. The exploit demonstrates how an attacker can inject malicious JavaScript into the 'long_description' field, which is then executed when a user views the episode details.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Podcast Generator < 3.1.1
Auth required
Prerequisites: Admin access to the Podcast Generator application
devstral-2 · analyzed May 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-49866
https://www.exploit-db.com/exploits/49866
Product product
Official Product Homepage
https://podcastgenerator.net/demoV2/
Product product
Product Reference
https://podcastgenerator.net/download
Third Party Advisory third-party-advisory
VulnCheck Advisory: Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description
https://www.vulncheck.com/advisories/podcast-generator-persistent-cross-site-scripting-via-long-description

Scores

CVSS v3 6.4
EPSS 0.0019
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Podcastgenerator/Podcast Generator < 3.1.1
Published May 15, 2026
Tracked Since May 16, 2026