Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.