Lucene search
K

4 matches found

NVD
NVD
added 2025/08/19 8:15 p.m.17 views

CVE-2025-55737

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...

6.9CVSS0.00274EPSS
Exploits1References1
NVD
NVD
added 2025/08/19 7:15 p.m.8 views

CVE-2025-55736

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges e.g. delete users, posts, comments etc.. The problem is in the routes/adminPanelUsers file...

9.3CVSS0.00246EPSS
Exploits1References1
CVE
CVE
added 2025/08/19 7:4 p.m.29 views

CVE-2025-55736

CVE-2025-55736 affects flaskBlog up to version 2.8.0 (and earlier). The root cause is in the routes/adminPanelUsers file, where an arbitrary user can elevate their role to admin , gaining high-privilege capabilities (e.g., delete users, posts, comments). Connected sources confirm the affected sof...

9.3CVSS7.2AI score0.00246EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/08/14 3:26 p.m.30 views

CVE-2025-53631

FlaskBlog vulnerability CVE-2025-53631 affects FlaskBlog versions prior to 2.8.1. Root cause: improper sanitization of postContent submitted to /createpost, enabling arbitrary JavaScript execution (XSS) on all pages where the post is reflected (/, /post/[ID], /admin/posts, /user/[ID]). Impact is ...

5.4CVSS6.9AI score0.00199EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder