CVE-2023-53919

MEDIUM

PodcastGenerator 3.2.9 - Stored Cross-Site Scripting in Freebox Content Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53919. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary This exploit demonstrates multiple stored XSS vulnerabilities in PodcastGenerator 3.2.9. It includes detailed steps and HTTP requests to trigger XSS payloads in different sections of the application, such as episode titles, freebox content, and podcast details.

Description

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page.

Exploits (1)

exploitdb WORKING POC

by Mirabbas Ağalarov · textwebappsphp

https://www.exploit-db.com/exploits/51454

View Code ZIP pw:eip

This exploit demonstrates multiple stored XSS vulnerabilities in PodcastGenerator 3.2.9. It includes detailed steps and HTTP requests to trigger XSS payloads in different sections of the application, such as episode titles, freebox content, and podcast details.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PodcastGenerator v3.2.9

Auth required

Prerequisites: Access to admin panel · Valid session cookie

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/51454

Product product

https://podcastgenerator.net/

Exploit, Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/podcastgenerator-stored-cross-site-scripting-via-freebox-content-field

Scores

CVSS v3 5.4

EPSS 0.0027

EPSS Percentile 18.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

podcastgenerator/podcast_generator 3.2.9

Podcastgenerator/PodcastGenerator 3.2.9

Published Dec 17, 2025

Tracked Since Feb 18, 2026