FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2024-32484

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Jul 22, 2024

010
CVSS 8.2EPSS 0.09%High
CVE info copied to clipboard

Summary

A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

Impact

This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser. The attacker can potentially read arbitrary files on the victim's system, leading to a breach of confidentiality. The CVSS v3.1 base score is 8.2 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N. This indicates a high confidentiality impact and a low integrity impact, but no direct impact on availability. The attack vector is network-based, requires low complexity, no privileges, and user interaction.

Exploitation

One proof-of-concept exploit is available on talosintelligence.com. There is no evidence of proof of exploitation at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, given that the vulnerability is specific to Ankitects Anki version 24.04, it's likely that upgrading to a newer version (if available) would address this issue.

Mitigation

1. Update Ankitects Anki to a version newer than 24.04 if available. 2. Implement strong input validation and sanitization for all user-supplied content, especially in flashcards. 3. Use Content Security Policy (CSP) headers to restrict the execution of scripts. 4. Educate users about the risks of importing flashcards from untrusted sources. 5. Consider implementing a sandbox environment for viewing shared or imported flashcards.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-32484

Jul 22, 2024 at 3:15 PM
CVSS

A CVSS base score of 7.4 has been assigned.

Jul 22, 2024 at 3:15 PM / talos_disclosed
First Article

Feedly found the first article mentioning CVE-2024-32484. See article

Jul 22, 2024 at 3:16 PM / VulDB Recent Entries
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 22, 2024 at 3:16 PM
Trending

This CVE started to trend in security discussions

Jul 22, 2024 at 3:53 PM
EPSS

EPSS Score was set to: 0.09% (Percentile: 37.5%)

Jul 23, 2024 at 9:40 AM
Threat Intelligence Report

The vulnerability CVE-2024-32484 in the web-server allows for arbitrary file read and XSS attacks, posing a critical risk to the system's security. It has been exploited in the wild by threat actors, with proof-of-concept exploits available. Mitigations include implementing input validation and applying patches provided by the vendor. Downstream impacts may affect third-party vendors relying on the vulnerable technology. See article

Jul 24, 2024 at 3:42 PM
Trending

This CVE stopped trending in security discussions

Jul 25, 2024 at 3:46 PM
CVSS

A CVSS base score of 8.2 has been assigned.

Sep 11, 2024 at 2:50 PM / nvd
Static CVE Timeline Graph

Affected Systems

Ankitects/anki
+null more

Exploits

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995
+null more

Attack Patterns

CAPEC-18: XSS Targeting Non-Script Elements
+null more

References

TALOS-2024-1995 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence / 4mo
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. However, due to a reflected XSS vulnerability in the web server, a precisely crafted card can access the methods exposed.
Studying 0days: How we hacked Anki, the world's most popular flashcard app
Skii.dev / 3mo
We've seen how simple importing a card is and that there are no warnings during this process; now, let's look at what media we can import – Can we use any file in our shared deck, or does it only accept media content? Anki's graphical user interface (GUI) utilises the Qt library, with a web view being the main component for most pages, including reviewing cards.

News

CVE-2024-32484 Exploit
inTheWild.io Exploits / 2mo
CVE Id : CVE-2024-32484 Published Date: 2024-09-11T14:46:00+00:00 An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability. inTheWild added a link to an exploit: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
Cyber Security News - The Reddit of Infosec / 3mo
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read.
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
unSafe.sh - 不安全 / 3mo
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read.
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
unSafe.sh - 不安全 / 3mo
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read.
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
unSafe.sh - 不安全 / 3mo
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. An adversary could exploit TALOS-2024-1956 (CVE-2024-0107) by sending a targeted device a specially crafted executable/shader file, leading to an out-of-bounds read.
See 22 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Changed
Confidentiality:High
Integrity:Low
Availability Impact:None

Categories

CVSS 8.2(18246)CWE-80(307)CWE-79(31345)Ankitects()

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial