3 matches found
CVE-2022-26533
Alist v2.1.0 and below was discovered to contain a cross-site scripting XSS vulnerability via /i/:data/ipa.plist...
CVE-2022-26533
Alist v2.1.0 and below was discovered to contain a cross-site scripting XSS vulnerability via /i/:data/ipa.plist...
CVE-2022-26533
CVE-2022-26533 concerns Alist v2.1.0 and below, where an XSS vulnerability exists via /i/:data/ipa.plist. The root cause is improper input handling in the Plist function (other.go), allowing injected JavaScript. Affected versions: v2.0.10–2.1.0; mitigation/fix is stated as applied in version 2.1....