HIGH🇬🇧 English

CVE-2024-32484

CVSS 7.4v3.1pub. 2024-07-22upd. 2025-11-04

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  • Ankitects Anki

    APP
    Ankitects
    24.04
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEXSS
CWE
Referencje

Powiązane podatności

CVE-2025-62185MEDIUM6.7ten sam produkt

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media...

CVE-2025-62186MEDIUM6.7ten sam produkt

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playi...

CVE-2025-43703MEDIUM6.1ten sam produkt

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controll...

CVE-2025-62187LOW2.9ten sam produkt

W Ankitects Anki przed wersją 25.02.6 spreparowane odwołania do plików dźwiękowych mogły spowodować zapis plik...

CVE-2024-32152LOW3.1ten sam produkt

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafte...