55 matches found
PT-2025-33853 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.0 Description: flaskBlog is a blog application built with Flask. A stored cross-site scripting (XSS) issue exists due to a lack of validation for the content of a post stored in the postContent variable. The...
PT-2025-33854 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.1 Description: flaskBlog is a blog app built with Flask. An arbitrary user can change their role to "admin", granting administrative privileges such as deleting users, posts, and comments. The issue resides in...
FlaskBlog Security Vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated post content that could lead to stored cross-site scripting...
FlaskBlog Security Vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated comment ownership that could lead to arbitrary deletion of comments...
CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631 flaskBlog XSS Vulnerability in postContent
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631 flaskBlog XSS Vulnerability in postContent
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...
PT-2025-33302 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.1 Description: flaskBlog is a blog application built with Flask. Improper sanitization of the postContent parameter when submitting POST requests to the /createpost API endpoint leads to arbitrary JavaScript...
FlaskBlog Cross-Site Scripting Vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A cross-site scripting vulnerability exists in flaskBlog 2.8.1 and earlier versions, which stems from improper postContent cleanup and could lead to arbitrary JavaScript execution...
CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary JavaScript code. The HTML template user.html contains the following code snippet to render comments made by a user: comment2|safe . Use of the "safe" ta...
CVE-2025-28101
An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...
CVE-2025-28102
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...
CVE-2025-28102
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...
CVE-2025-28102
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...
CVE-2025-28102
FlaskBlog v2.6.1 is affected by a cross-site scripting (XSS) vulnerability exposed via the postContent parameter at /createpost. The issue stems from allowing arbitrary script/HTML injection, enabling attackers to run client-side code. Available connected reports confirm the affected software ver...
FlaskBlog Security Vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from improper access control and could lead to obtaining all usernames...
PT-2025-17453 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at the "/createpost" API endpoint. Recommendations:...
CVE-2025-28102
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...
PT-2025-17454 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: The issue is related to incorrect access control, allowing attackers to delete user accounts arbitrarily via a crafted request. Recommendations: For flaskBlog version 2.6.1, consider restricting access to th...
CVE-2025-28102
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...