Flaskblog@2.6.1 Security Vulnerabilities and Issues — Flaskblog@2.6.1 CVE List

Lucene search

DogukanurkerFlaskblog2.6.1

4 matches found

CVE•added 2025/04/17 6:15 p.m.•46 views

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.

6.5CVSS6.6AI score0.00038EPSS

CVE•added 2025/04/21 6:15 p.m.•42 views

CVE-2025-28103

Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.

6.4CVSS6.8AI score0.00033EPSS

CVE•added 2025/04/21 6:15 p.m.•38 views

CVE-2025-28104

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.

9.1CVSS6.7AI score0.00053EPSS

CVE•added 2025/04/21 5:15 p.m.•34 views

CVE-2025-28102

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.

6.1CVSS5.6AI score0.00047EPSS