PT-2025-33854 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.1 Description: flaskBlog is a blog app built with Flask. An arbitrary user can change their role to "admin", granting administrative privileges such as deleting users, posts, and comments. The issue resides in...
PT-2025-33853 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.0 Description: flaskBlog is a blog application built with Flask. A stored cross-site scripting XSS issue exists due to a lack of validation for the content of a post stored in the postContent variable. The...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated post content that could lead to stored cross-site scripting...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated comment ownership that could lead to arbitrary deletion of comments...
CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631 flaskBlog XSS Vulnerability in postContent
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
PT-2025-33302 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.1 Description: flaskBlog is a blog application built with Flask. Improper sanitization of the postContent parameter when submitting POST requests to the /createpost API endpoint leads to arbitrary JavaScript...
FlaskBlog cross-site scripting vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A cross-site scripting vulnerability exists in flaskBlog 2.8.1 and earlier versions, which stems from improper postContent cleanup and could lead to arbitrary JavaScript execution...
CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary JavaScript code. The HTML template user.html contains the following code snippet to render comments made by a user: comment2|safe . Use of the "safe" ta...
CVE-2025-28101
An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...
CVE-2025-28102
A cross-site scripting XSS vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...
CVE-2025-28102
FlaskBlog v2.6.1 is affected by a cross-site scripting (XSS) vulnerability exposed via the postContent parameter at /createpost. The issue stems from allowing arbitrary script/HTML injection, enabling attackers to run client-side code. Available connected reports confirm the affected software ver...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from improper access control and could lead to obtaining all usernames...
PT-2025-17453 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at the "/createpost" API endpoint. Recommendations:...
PT-2025-17454 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: The issue is related to incorrect access control, allowing attackers to delete user accounts arbitrarily via a crafted request. Recommendations: For flaskBlog version 2.6.1, consider restricting access to th...