CVE-2025-55735

Published: Aug 19, 2025

Modified: Aug 19, 2025

PUBLISHED

Description

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when a post is created, the content of the post stored in the variable "postContent" is not validated. The vulnerability arises when the post content is displayed using the | safe filter, which tells the template engine not to escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html.
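The effect of the | safe filter described above, shown next to the autoescaped rendering and a simple template audit; this is an added example, not flaskBlog's own code. It assumes the jinja2 package is installed, and the templates, sample post and function names are constructed for illustration.

```python
import re
from jinja2 import Environment

# Flask turns autoescaping on for HTML templates; mirror that here.
env = Environment(autoescape=True)

# Hypothetical templates (not flaskBlog's markup): same variable, with and without | safe.
UNSAFE_TEMPLATE = env.from_string("<article>{{ postContent | safe }}</article>")
ESCAPED_TEMPLATE = env.from_string("<article>{{ postContent }}</article>")

# Constructed sample post body containing markup.
SAMPLE_POST = '<p>Hello</p><script>alert("xss")</script>'


def render_unsafe(post_content: str) -> str:
    """Render with | safe: the stored markup reaches the page unchanged."""
    return UNSAFE_TEMPLATE.render(postContent=post_content)


def render_escaped(post_content: str) -> str:
    """Render with autoescaping: <, >, & and quotes become HTML entities."""
    return ESCAPED_TEMPLATE.render(postContent=post_content)


# Matches {{ expr | safe }} where safe is the only filter; longer filter
# chains and {% autoescape false %} blocks need a separate review.
SAFE_FILTER = re.compile(r"\{\{\s*([^{}|]+?)\s*\|\s*safe\s*\}\}")


def find_safe_filters(template_source: str) -> list[tuple[int, str]]:
    """Return (line number, expression) for each value rendered with | safe."""
    hits = []
    for number, line in enumerate(template_source.splitlines(), start=1):
        for match in SAFE_FILTER.finditer(line):
            hits.append((number, match.group(1)))
    return hits


# Constructed template source for the audit.
SAMPLE_TEMPLATE = "<h1>{{ title }}</h1>\n<div>{{ postContent | safe }}</div>\n"

if __name__ == "__main__":
    print(render_unsafe(SAMPLE_POST))
    print(render_escaped(SAMPLE_POST))
    print(find_safe_filters(SAMPLE_TEMPLATE))
```

Each hit from the audit is a place where the value must be sanitized before storage or rendered without | safe.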

Vendor: DogukanUrker

Product: FlaskBlog

Versions: affected, <= 2.8.0

Weaknesses (CWE)
