after enumerating using burp suite and searching the HTTP headers for an exploit i found this exploit named "'Long Description' Persistent Cross-Site Scripting" that works on podcast generator services that are older than 3.1 and it was used in the POST method to get the flag. more info about the exploit can be found here https://www.exploit-db.com/exploits/49866
Flag: flag{nev3r_gonn4_say_g00dbye}