Flaskblog Security Vulnerabilities and Issues — Flaskblog CVE List

Lucene search

DogukanurkerFlaskblog

5 matches found

CVE•added 2025/04/17 6:15 p.m.•46 views

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.

6.5CVSS6.6AI score0.00038EPSS

CVE•added 2025/04/21 6:15 p.m.•42 views

CVE-2025-28103

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.

6.4CVSS6.8AI score0.00033EPSS

CVE•added 2025/04/21 6:15 p.m.•38 views

CVE-2025-28104

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.

9.1CVSS6.7AI score0.00053EPSS

CVE•added 2024/01/17 9:15 p.m.•34 views

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: {{comment[2]|safe}}. Use of the "safe"...

6.5CVSS6AI score0.002EPSS

CVE•added 2025/04/21 5:15 p.m.•34 views

CVE-2025-28102

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.

6.1CVSS5.6AI score0.00047EPSS