
Adindrabkin

#41238 of 53,630
6.5 Total CVSS
Vulnerabilities · 1
PT-2024-19405
6.5
2024-01-17
Flaskblog · Flaskblog · CVE-2024-22414
**Name of the Vulnerable Software and Affected Versions**

flaskBlog (affected versions not specified)

**Description**

The issue is caused by improper storage and rendering of user comments on the `/user/<user>` page, allowing arbitrary JavaScript execution (stored cross-site scripting). The root cause is the `|safe` filter in the `user.html` template, which tells Jinja2 (Flask's template engine) not to autoescape the rendered content, so HTML and script tags submitted in a comment reach the page verbatim. The vulnerable code snippet is:

`<div class="content" tag="content">{{comment[2]|safe}}</div>`

**Recommendations**

To remediate this issue, remove the `|safe` filter from the HTML template `user.html` so that Flask's default autoescaping for `.html` templates applies to comment bodies, preventing arbitrary JavaScript execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
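The following is an added example, not flaskBlog's own code: it renders the vulnerable snippet quoted above and its fixed form with Jinja2 autoescaping enabled (Flask's default for `.html` templates) against a constructed comment row, and adds a small static check that flags `|safe` expressions in template source. It assumes Jinja2 is installed; without it, a minimal stand-in renderer (an assumption, handling only these two expressions) is used.

```python
"""Added example (not flaskBlog's code): vulnerable vs. fixed user.html snippet
rendered with autoescaping on, plus a grep-style check for the |safe filter."""
import re
from html import escape

try:
    from jinja2 import Environment
except ImportError:  # stand-in so the example still runs without Jinja2
    Environment = None

# The vulnerable line is quoted from the advisory; the fixed line just drops |safe.
VULNERABLE_TEMPLATE = '<div class="content" tag="content">{{comment[2]|safe}}</div>'
FIXED_TEMPLATE = '<div class="content" tag="content">{{comment[2]}}</div>'

# Constructed sample comment row (id, author, body); the body is attacker-supplied.
SAMPLE_COMMENT = (7, "mallory", "<script>alert('xss')</script>")


def render(template_src, comment):
    """Render with autoescape=True, matching Flask's default for *.html templates."""
    if Environment is not None:
        env = Environment(autoescape=True)
        return env.from_string(template_src).render(comment=comment)

    # Assumed minimal fallback: only understands {{comment[2]}} and {{comment[2]|safe}}.
    def sub(match):
        body = comment[2]
        return body if match.group(1) else escape(body, quote=True)

    return re.sub(r"\{\{\s*comment\[2\]\s*(\|safe)?\s*\}\}", sub, template_src)


def find_safe_filters(template_src):
    """Static check: every {{ ... |safe }} expression in a template source.
    Any hit on user-controlled data is the pattern behind this advisory."""
    return re.findall(r"\{\{\s*([^}]*?\|\s*safe)\s*\}\}", template_src)


def script_survives(rendered):
    """True when a raw <script> tag reached the rendered HTML unescaped."""
    return "<script>" in rendered


if __name__ == "__main__":
    for name, tpl in (("vulnerable", VULNERABLE_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        out = render(tpl, SAMPLE_COMMENT)
        print(f"{name}: |safe hits={find_safe_filters(tpl)} "
              f"script survives={script_survives(out)}")
        print("   ", out)
```

Running `find_safe_filters` over every template in a Flask project is a cheap way to locate the same pattern before it reaches user-supplied fields.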