PT-2024-19405 · Flaskblog · Flaskblog

Adindrabkin · Published 2024-01-17 · Updated 2024-01-26 · CVE-2024-22414

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

flaskBlog (affected versions not specified)

Description

User comments are stored and rendered improperly on the /user/<user> page, which allows arbitrary JavaScript code execution. The cause is the |safe filter in the user.html template, which prevents Flask from escaping the rendered content. The vulnerable code snippet is <div class="content" tag="content">{{comment[2]|safe}}</div>.

Recommendations

To remediate this issue, remove the |safe filter from the user.html template so that comment content is escaped and arbitrary JavaScript code execution is prevented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
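
A check for this pattern in template source, as an added example that is not part of the advisory or the flaskBlog project: it flags {{ ... }} expressions that apply |safe and produces the remediated text with the filter removed. The function names and the sample template are assumptions constructed for illustration; only the "content" div line is taken from the advisory.

```python
import re

# A Jinja2 expression block: {{ ... }}
EXPR_RE = re.compile(r"\{\{(.*?)\}\}", re.DOTALL)
# Either a quoted string literal (group 1, skipped) or a `|safe` filter (group 2).
TOKEN_RE = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(\|\s*safe\b)""")


def find_safe_filters(source):
    """Return (line_number, expression) for each {{ ... }} that applies |safe."""
    findings = []
    for match in EXPR_RE.finditer(source):
        expr = match.group(1)
        if any(tok.group(2) for tok in TOKEN_RE.finditer(expr)):
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, expr.strip()))
    return findings


def strip_safe_filters(source):
    """Remove |safe from expressions so Jinja2 autoescaping applies again."""
    def fix_expr(match):
        # Keep string literals untouched, drop only the filter itself.
        cleaned = TOKEN_RE.sub(lambda t: t.group(1) or "", match.group(1))
        return "{{" + cleaned + "}}"
    return EXPR_RE.sub(fix_expr, source)


# Constructed sample modelled on the user.html line quoted in the advisory.
SAMPLE_TEMPLATE = """<div class="comment">
  <span class="author">{{ comment[1] }}</span>
  <div class="content" tag="content">{{comment[2]|safe}}</div>
  <p>{{ "use |safe with care" }}</p>
</div>
"""

if __name__ == "__main__":
    for line, expr in find_safe_filters(SAMPLE_TEMPLATE):
        print(f"line {line}: unescaped output via |safe: {expr}")
    print(strip_safe_filters(SAMPLE_TEMPLATE))
```

The scan covers only the |safe filter named in the advisory; other ways of disabling escaping in a template are out of its scope.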

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-22414
GHSA-MRCW-J96F-P6V6

Affected Products

Flaskblog