Flask Server Reflected XSS Vulnerability
CVE-2024-32484

7.4HIGH

Key Information:

Vendor: Ankitects
Status: Vendor
CVE Published: 22 July 2024

What is CVE-2024-32484?

A reflected cross-site scripting (XSS) vulnerability has been identified in Ankitects' Anki version 24.04, caused by improper handling of invalid paths in the application's bundled Flask server. It can be triggered through a specially crafted flashcard, allowing an attacker to execute arbitrary JavaScript. If such a flashcard is shared and opened, the attack could lead to unauthorized file access on the recipient's machine. The flaw underlines the importance of secure coding practices, in particular escaping untrusted input before reflecting it into a response, to prevent the injection of harmful scripts into applications.
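To make the root cause concrete, the following is an added illustration of the reflected-XSS pattern the description refers to: an error page that echoes a requested path back into HTML without escaping it. It is example code written for this page, not Anki's or Flask's own code; the function names, the sample paths and the error-page markup are all constructed for the illustration, and only Python's standard library is used so it runs offline.

```python
"""Reflected XSS via an unescaped path in an HTML error page (illustration).

Constructed example for CVE-2024-32484's vulnerability class; it does not
reproduce Anki's server code. Two renderers for a "not found" page are
shown: one that interpolates the requested path raw, and a hardened one
that HTML-escapes it. A small checker flags whether live script markup
survived into the response.
"""
from html import escape

# Constructed sample paths (not real Anki URLs).
BENIGN_PATH = "/deck/cards"
# A textbook XSS marker embedded in the path segment.
PAYLOAD_PATH = "/<script>alert(1)</script>"


def render_not_found_unsafe(path: str) -> str:
    """Vulnerable: the untrusted path is reflected into HTML unescaped.

    Whatever markup the path contains becomes part of the document, so a
    <script> tag in the path executes in the viewer's page context.
    """
    return (
        "<html><body><h1>Not Found</h1>"
        f"<p>The path {path} was not found on this server.</p>"
        "</body></html>"
    )


def render_not_found_safe(path: str) -> str:
    """Hardened: the path is HTML-escaped before it is reflected.

    escape(quote=True) converts < > & " ' into entities, so the browser
    renders the payload as text instead of parsing it as markup.
    """
    safe_path = escape(path, quote=True)
    return (
        "<html><body><h1>Not Found</h1>"
        f"<p>The path {safe_path} was not found on this server.</p>"
        "</body></html>"
    )


def secure_response_headers() -> dict:
    """Defence-in-depth headers to send alongside the escaped page.

    A restrictive Content-Security-Policy blocks inline script even if
    an escaping bug slips through; nosniff stops MIME confusion.
    """
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }


def contains_live_script(html_doc: str) -> bool:
    """Detection helper: does the rendered document carry a script tag?

    Useful as a unit-test oracle for error-page renderers: an escaped
    payload appears as &lt;script&gt; and is not matched.
    """
    return "<script" in html_doc.lower()


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_not_found_unsafe),
                           ("safe", render_not_found_safe)):
        doc = renderer(PAYLOAD_PATH)
        print(f"{name}: live script present = {contains_live_script(doc)}")
```

Running the module prints that the unsafe renderer leaves the script tag live while the safe one neutralises it; the same `contains_live_script` check can be dropped into a regression test for any handler that echoes request data into HTML.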

Affected Version(s)

Anki 24.04

References

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.