First published: Wed Mar 27 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Podlove Podcast Publisher | <=4.0.9 | |
WordPress Podlove Podcast Publisher | <=4.0.9 | |
Podlove Podcast Publisher | <4.0.10 | Update to 4.0.10 or a higher version. |
CVE-2024-29915 is categorized as a reflected Cross-site Scripting (XSS) vulnerability.
To fix CVE-2024-29915, update the Podlove Podcast Publisher to a version newer than 4.0.9.
CVE-2024-29915 affects users running Podlove Podcast Publisher version 4.0.9 or lower, including the WordPress plugin.
The potential impacts of CVE-2024-29915 include malicious scripts being executed in the context of a user's browser, leading to data theft or session hijacking.
Yes, CVE-2024-29915 remains exploitable in versions 4.0.9 and earlier of Podlove Podcast Publisher.