exploitDog

CVE-2025-28102

Опубликовано: 21 апр. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.

Ссылки

https://gist.github.com/coleak2021/edbd6e0766227ee96a7a4601e50773eb
Third Party Advisory
https://github.com/DogukanUrker/flaskBlog/issues/130
Exploit
Issue Tracking
https://github.com/DogukanUrker/flaskBlog/issues/130
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dogukanurker:flaskblog:2.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00064

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-743f-hxpg-f2rj

CVSS3: 6.1

github

10 месяцев назад

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.

EPSS

Процентиль: 20%

0.00064

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79