CVE-2025-55735 – FlaskBlog Stored XSS Vulnerability

CVE ID : CVE-2025-55735

Published : Aug. 19, 2025, 7:15 p.m. | 59 minutes ago

Description : flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there’s no validation of the content of the post stored in the variable “postContent”. The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…