CVE-2025-53631

Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.1

Description: flaskBlog is a blog application built with Flask. Improper sanitization of the postContent parameter when submitting POST requests to the /createpost API endpoint leads to arbitrary JavaScript execution (XSS) on multiple pages, including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.