Medium severity5.4NVD Advisory· Published Aug 19, 2025· Updated Jun 17, 2026
CVE-2025-55735
CVE-2025-55735
Description
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.8.0
Patches
Vulnerability mechanics
References
1- github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-gj9v-qhc3-gcfxnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.