CVE-2024-32484

CVSS v3 Score
8.2
High

Vulnerability Description

A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

CVSS: 8.3 (High)

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript c...

CWE-80
2023

CVSS: 8.3 (High)

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to t...

CWE-80
2023

CVSS: 7.6 (High)

OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS vi...

CWE-80
2024

CVSS: 7.6 (High)

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CWE-80
2025

CVSS: 7.5 (High)

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide the...

CWE-80
2022

CVSS: 7.5 (High)

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.

CWE-80
2023