7 matches found
EUVD-2010-1891
Malware in sbrugna...
CVE-2010-1872
Cross-site scripting XSS vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information...
CVE-2024-26020
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...
CVE-2024-26020
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...
CVE-2024-32152
CVE-2024-32152 affects Ankitects Anki 24.04’s LaTeX processing, where a specially crafted flashcard can bypass the blocklist and cause arbitrary file creation at a fixed path. The issue arises from the LaTeX blocklist bypass in the Anki LaTeX module, enabling an attacker to trigger file creation ...
CVE-2024-32484
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...
Ankitects Anki MPV script injection vulnerability
Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...