CVE-2025-53631: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in DogukanUrker flaskBlog
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post. At time of publication, there are no public patches available.
CVE-2025-53631: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in DogukanUrker flaskBlog
Description
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post. At time of publication, there are no public patches available.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-07-07T14:20:38.389Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 689e01a3ad5a09ad005c05b0
Added to database: 8/14/2025, 3:32:51 PM
Last updated: 8/14/2025, 3:32:51 PM
Views: 1
Related Threats
CVE-2025-8964: Improper Authentication in code-projects Hostel Management System
MediumCVE-2025-7971: CWE-20: Improper Input Validation in Rockwell Automation Studio 5000 Logix Designer®
HighCVE-2025-40758: CWE-347: Improper Verification of Cryptographic Signature in Siemens Mendix SAML (Mendix 10.12 compatible)
HighCVE-2025-36613: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Home PCs
LowCVE-2025-27845: n/a
CriticalActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.