Home > Vulnerability Database > CVE-2025-70336

Mend.io Vulnerability Database

CVE-2025-70336

Good to know:

Date: January 27, 2026

A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.

Severity Score

4.8

Related Resources (4)

Url: https://github.com/PodcastGenerator/PodcastGenerator

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-70336

Url: https://github.com/aryasahil96-manu/CVE-Disclosures/blob/main/CVE-2025-70336

Url: https://www.mend.io/vulnerability-database/CVE-2025-70336

Severity Score

4.8

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-70336

Good to know:

Date: January 27, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?