CVE-2024-32484 — HIGH (7.4)

Vulnerability Description

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ankitects	Anki	24.04

Related Weaknesses (CWE)

CWE-79 CWE-80

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995ExploitThird Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1995

FAQ

What is CVE-2024-32484?

CVE-2024-32484 is a vulnerability with a CVSS score of 7.4 (HIGH). An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an...

How severe is CVE-2024-32484?

CVE-2024-32484 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-32484?

Check the references section above for vendor advisories and patch information. Affected products include: Ankitects Anki.