EPSS
Percentile
34.0%
Alist versions 2.0.10 through 2.1.0 were discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. This issue was fixed in version 2.1.1.
github.com/Xhofe/alist
github.com/Xhofe/alist/commit/6af17e2509a400979420f613fd7f2f9721fdcd6e
github.com/Xhofe/alist/issues/645
nvd.nist.gov/vuln/detail/CVE-2022-26533