
Find real vulnerabilities before they ship
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.
Base Score
8.2| Base Score | 8.2 |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |
| Base Severity | High |
| Version | 3.1 |
| Attack Vector (AV) | NETWORK |