CVE-2024-32484

Name of the Vulnerable Software and Affected Versions Ankitects Anki version 24.04

Description A reflected XSS issue exists in the handling of invalid paths in the Flask server. This can be triggered by a specially crafted flashcard, leading to JavaScript code execution and potentially resulting in an arbitrary file read. An attacker can exploit this by sharing a malicious flashcard.

Recommendations For Ankitects Anki version 24.04, consider disabling the handling of invalid paths in the Flask server as a temporary workaround until a patch is available. Restrict access to the flashcard feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.