Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Podcast Generator Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-53899)

Description

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress-Amazon-Associate (WPAA) Multiple Cross-Site Scripting Vulnerabilities (1.7.3)

WordPress Plugin WP Live Chat Support Pro Unspecified Vulnerability (8.0.07)

MediaWiki Improper Input Validation Vulnerability (CVE-2013-1816)

WordPress Plugin Instagram Plugin-InstaLinker Cross-Site Scripting (1.1.1)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43778)

Severity

Critical

Classification

CVE-2023-53899 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities