CVE-2025-53631 MEDIUM

CVE-2025-53631: flaskBlog XSS Vulnerability in postContent

Vendor Dogukanurker

Product flaskBlog

Weakness CWE-79 · XSS

Published August 14, 2025

Last update August 14, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

What the vulnerability does

01Description

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post. At time of publication, there are no public patches available.

Key dates

02Disclosure timeline

August 14, 2025 CVE published

August 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53631 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2025-53631: flaskBlog XSS Vulnerability in postContent

01Description

02Disclosure timeline

03References

04Related CVE