Dogukanurker Flaskblog
10 CVEs affecting Dogukanurker Flaskblog. Latest disclosed: 2025-08-19. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-28104 | Critical | 9.1 | 2025-04-21 | Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input. |
| CVE-2025-55737 | Medium | 6.5 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can… |
| CVE-2025-55736 | Medium | 6.5 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete u… |
| CVE-2025-55734 | Medium | 6.5 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when vis… |
| CVE-2025-28101 | Medium | 6.5 | 2025-04-17 | An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other user… |
| CVE-2024-22414 | Medium | 6.5 | 2024-01-17 | flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javasc… |
| CVE-2025-28103 | Medium | 6.4 | 2025-04-21 | Incorrect access control in flaskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request. |
| CVE-2025-28102 | Medium | 6.1 | 2025-04-21 | A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th… |
| CVE-2025-55735 | Medium | 5.4 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "… |
| CVE-2025-53631 | Medium | 5.4 | 2025-08-14 | flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads… |