CVE-2025-28102

Published April 21st, 2025

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.

DogukanUrker/FlaskBlog

Simple blog app.

GitHub

192