CVE-2018-20121 (podcast_generator)

Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
Source: NIST