Medium severity6.1NVD Advisory· Published Apr 21, 2025· Updated Jun 17, 2026
CVE-2025-28102
CVE-2025-28102
Description
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.6.1
Patches
Vulnerability mechanics
References
2- github.com/DogukanUrker/flaskBlog/issues/130nvdExploitIssue Tracking
- gist.github.com/coleak2021/edbd6e0766227ee96a7a4601e50773ebnvdThird Party Advisory
News mentions
0No linked articles in our index yet.