55 matches found
PT-2025-17457 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: The issue allows attackers to bypass access controls and obtain all usernames by providing a specially crafted input. Recommendations: For flaskBlog version 2.6.1, consider restricting access to sensitive us...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from improper access control and could lead to arbitrary deletion of user accounts...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from cross-site scripting in the postContent parameter and could lead to the execution of arbitrary we...
CVE-2025-28101
An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from mishandling of the /post/postTitle component and could lead to arbitrary file deletion...
PT-2025-17223 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: The issue allows attackers to delete article titles created by other users by supplying a crafted POST request to the "/post/postTitle" component. Recommendations: For flaskBlog version 2.6.1, consider...
CVE-2025-28101
CVE-2025-28101 affects flaskBlog v2.6.1, where the /post/{postTitle} endpoint allows arbitrary file deletion by crafting a POST request, enabling deletion of article titles created by other users. Documented details confirm the vulnerable component and impact (I/A low, C=none) with CVSSv3.1 score...
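The entries above describe a delete handler keyed on the post title alone, so any logged-in user can remove another user's post with a crafted POST. The following is an added example, not flaskBlog's own code: it puts the unchecked delete beside a delete that is scoped to the caller's own rows. The table layout, the usernames and the posts are constructed for illustration; flaskBlog's real schema and route are not reproduced.

```python
"""Added example (not flaskBlog's own code): an ownership check on post deletion.

The table layout, usernames and posts below are constructed for illustration.
"""
import sqlite3


class Forbidden(Exception):
    """Raised when the caller does not own the post it tries to delete."""


def make_db():
    # Constructed sample data: two authors, one post each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (title TEXT PRIMARY KEY, author TEXT NOT NULL)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [("hello-world", "alice"), ("second-post", "bob")])
    db.commit()
    return db


def delete_post_unchecked(db, title):
    # The vulnerable pattern: the DELETE is keyed on the title only, so the
    # identity of the caller never enters the decision.
    cur = db.execute("DELETE FROM posts WHERE title = ?", (title,))
    db.commit()
    return cur.rowcount


def delete_post(db, title, current_user):
    # Hardened pattern: the DELETE itself is scoped to rows the caller owns.
    # Doing the check inside the statement (instead of SELECT-then-DELETE)
    # avoids a check/act race and touches nothing that belongs to others.
    cur = db.execute("DELETE FROM posts WHERE title = ? AND author = ?",
                     (title, current_user))
    db.commit()
    if cur.rowcount == 0:
        # Not found and not owned are reported identically, so a caller
        # cannot use the response to enumerate other users' titles.
        raise Forbidden(f"{current_user!r} may not delete {title!r}")
    return cur.rowcount


def remaining_titles(db):
    return sorted(row[0] for row in db.execute("SELECT title FROM posts"))


def demo():
    # bob tries to delete alice's post through both code paths.
    checked_db = make_db()
    try:
        delete_post(checked_db, "hello-world", "bob")
        blocked = False
    except Forbidden:
        blocked = True
    unchecked_db = make_db()
    deleted = delete_post_unchecked(unchecked_db, "hello-world")
    return blocked, remaining_titles(checked_db), deleted, remaining_titles(unchecked_db)


if __name__ == "__main__":
    print(demo())
```

In a Flask route the `current_user` argument would come from the session, never from the request body or URL; the fix is in the query, not in any field the client controls.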
CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: {{ comment[2]|safe }}. Use of the "safe" tag...
CVE-2024-22414
CVE-2024-22414 affects the FlaskBlog app. The root cause is improper storage/rendering on the /user/ page due to using the template snippet {{comment[2]|safe}}, which disables HTML escaping via the safe filter. As a result, user comments can render arbitrary JavaScript, enabling XSS. A remediatio...
CVE-2024-22414 User profile page vulnerable to Cross Site Scripting (XSS) in flaskBlog
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: {{ comment[2]|safe }}. Use of the "safe" tag...
PT-2024-19405 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog affected versions not specified Description: The issue is related to improper storage and rendering of user comments on the /user/ page, allowing arbitrary javascript code execution. This is due to the use of the |safe tag in the...
FlaskBlog Cross-Site Scripting Vulnerability
FlaskBlog is a simple blog application built using Flask. FlaskBlog suffers from a cross-site scripting vulnerability that stems from improper storage and rendering of pages, allowing an attacker to execute arbitrary JavaScript code...
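The CVE-2024-22414 entries above all turn on the same detail: Jinja2's `safe` filter switches off autoescaping for the comment body, so stored HTML reaches the browser as markup. The following is an added example, not flaskBlog's user.html: it renders one constructed comment through the `{{ comment[2]|safe }}` pattern the advisories quote and through the plain `{{ comment[2] }}` form, so the difference in output is visible. The comment row shape and its contents are constructed for the demonstration.

```python
"""Added example (not flaskBlog's own code): what the Jinja2 ``safe`` filter
does to a stored comment, beside the autoescaped rendering.

The template strings and the comment row are constructed; only the
``{{ comment[2]|safe }}`` pattern comes from the advisories.
"""
from jinja2 import Environment  # Flask renders its templates through Jinja2

# Constructed stored comment, shaped like an (id, author, body) row so that
# comment[2] selects the body, as in the quoted template snippet.
MALICIOUS_COMMENT = (7, "mallory", '<img src=x onerror="alert(document.cookie)">')

# autoescape=True is what Flask enables for .html templates; |safe opts out.
env = Environment(autoescape=True)
VULNERABLE_TEMPLATE = env.from_string("<p>{{ comment[2]|safe }}</p>")
FIXED_TEMPLATE = env.from_string("<p>{{ comment[2] }}</p>")


def render_vulnerable(comment):
    # |safe marks the body as trusted HTML: tags and event handlers survive.
    return VULNERABLE_TEMPLATE.render(comment=comment)


def render_fixed(comment):
    # Without |safe, autoescaping turns < > " & into entities, so the browser
    # shows the text of the payload instead of executing it.
    return FIXED_TEMPLATE.render(comment=comment)


def emits_markup(html):
    """True when a tag from the payload is present unescaped in the output."""
    return "<img" in html or "<script" in html


def demo():
    vulnerable = render_vulnerable(MALICIOUS_COMMENT)
    fixed = render_fixed(MALICIOUS_COMMENT)
    return vulnerable, fixed, emits_markup(vulnerable), emits_markup(fixed)


if __name__ == "__main__":
    for line in demo()[:2]:
        print(line)
```

Dropping `|safe` is the whole fix for untrusted text. If comments are meant to carry some HTML, the body must instead be sanitised against an allowlist of tags and attributes before it is marked safe; escaping at storage time alone is not enough, because any other template that reads the same column with `|safe` reintroduces the bug.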