CVE-2025-49923 — Cross-site Scripting in Seriously Simple Podcasting

CWE-79 — Cross-site Scripting CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 93.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Castos Seriously Simple Podcasting Craig Hewitt Seriously Simple Podcasting

Timeline

PublishedOct 22

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5craig_hewitt/seriously_simple_podcasting3.11.1

▶NVDcastos/seriously_simple_podcasting< 3.12.0

🔴Vulnerability Details

GHSA

GHSA-98cc-87q9-qq36: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting serious↗2025-10-22

▶

CVEList

WordPress Seriously Simple Podcasting plugin <= 3.11.1 - Cross Site Scripting (XSS) vulnerability↗2025-10-22

▶

📋Vendor Advisories

Microsoft

drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags↗2024-10-08

▶