📦 Flaskblog
by Dogukanurker
🛡️ Security Overview
⚠️ Known Vulnerabilities
An incorrect access control vulnerability in flaskBlog v2.6.1 allows unauthenticated attackers to retrieve all usernames via crafted input. This affects all deployments using the vulnerable version, p...
This vulnerability in flaskBlog allows any authenticated user to delete arbitrary comments belonging to other users by manipulating the commentID parameter in delete requests. It affects all users of ...
This CVE describes an authorization bypass vulnerability in flaskBlog where admin role checks are only performed on the main /admin route but not on subroutes like /admin/posts and /admin/comments. Th...
This stored cross-site scripting (XSS) vulnerability in flaskBlog allows attackers to inject malicious scripts into blog posts that execute when other users view those posts. All users of flaskBlog ve...
In flaskBlog versions 2.8.0 and earlier, any authenticated user can escalate their privileges to admin by exploiting a vulnerability in the admin panel user management. This allows unauthorized admini...
This vulnerability in flaskBlog v2.6.1 allows attackers to delete arbitrary user accounts without proper authorization. Attackers can exploit incorrect access control by sending specially crafted requ...
A stored cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to inject malicious scripts into blog posts via the postContent parameter. This affects all users running the vul...