CVE-2024-47067 Alist Contains a Reflected Cross-Site Scripting Vulnerability

AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...

Remote Code Execution (RCE)

op-browser is vulnerable to remote code execution RCE. The attack exist because it does not validate the user-provided value to url parameter, allowing an attacker to inject arbitrary code through it...