Lucene search
TalosCVELIST:CVE-2024-26020HistoryJul 22, 2024 - 2:20 p.m.
CVE-2024-26020
2024-07-2214:20:26
CWE-74
talos
www.cve.org
5
arbitrary script execution
ankitects anki 24.04
mpv functionality
flashcard
code execution
vulnerability
malicious.
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
38.0%
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.
CNA Affected
[
{
"vendor": "Ankitects",
"product": "Anki",
"versions": [
{
"version": "24.04",
"status": "affected"
}
]
}
]Related
osv
osv
Ankitects Anki arbitrary script execution vulnerability
2024-07-22 15:32:41
CVE-2024-26020
2024-07-22 15:15:02
talos
talos
Ankitects Anki MPV script injection vulnerability
2024-07-22 00:00:00
cve
cve
CVE-2024-26020
2024-07-22 15:15:02
debiancve
debiancve
CVE-2024-26020
2024-07-22 15:15:02
vulnrichment
vulnrichment
CVE-2024-26020
2024-07-22 14:20:26
veracode
veracode
Arbitrary Script Execution
2024-07-27 06:23:25
nvd
nvd
CVE-2024-26020
2024-07-22 15:15:02
github
github
Ankitects Anki arbitrary script execution vulnerability
2024-07-22 15:32:41
talosblog
talosblog
CVSS3
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
38.0%
Related for CVELIST:CVE-2024-26020