ГлавнаяУязвимости → CVE-2024-32484
7.4высокая

CVE-2024-32484

Описание

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

Затрагиваемое ПО
Ankitects Anki
CVSS
Балл7.4 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Источники
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1995