Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2023-53899

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

Published: Dec 16, 2025
Updated: Dec 31, 2025
CVE: CVE-2023-53899
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
podcastgenerator / podcast_generator	3.2.9	3.2.9.x

https://github.com/PodcastGenerator/PodcastGenerator
https://podcastgenerator.net/
https://www.exploit-db.com/exploits/51565
https://www.vulncheck.com/advisories/podcastgenerator-blind-server-side-request-forgery-via-xml-injection

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo