An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NAnkitects Anki
APPAnkitects24.04
Related vulnerabilities
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media...
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playi...
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controll...
W Ankitects Anki przed wersją 25.02.6 spreparowane odwołania do plików dźwiękowych mogły spowodować zapis plik...
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafte...