Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to a LaTeX blocklist bypass in the LaTeX processing functionality. The LaTeX module fails to enforce its blocklist properly, allowing specially crafted malicious flashcards to create arbitrary...

PT-2024-24608 · Ankitects +1 · Anki +1

Name of the Vulnerable Software and Affected Versions: Ankitects Anki version 24.04 Description: A reflected XSS issue exists in the handling of invalid paths in the Flask server. This can be triggered by a specially crafted flashcard, leading to JavaScript code execution and potentially resultin...