Lucene search

Alist Security Vulnerabilities

cve

Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.

6.1CVSS

6AI Score

0.001EPSS

2022-03-12 01:15 AM

cve

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

8.8CVSS

8.6AI Score

0.001EPSS

2022-12-12 02:15 PM

cve

Alist v3.4.0 is vulnerable to Directory Traversal,

9.8CVSS

9.3AI Score

0.002EPSS

2022-12-15 11:15 PM

cve

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

5.4CVSS

5.2AI Score

0.001EPSS

2022-12-12 02:15 PM

cve

AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.

7.5CVSS

7.4AI Score

0.001EPSS

2023-05-23 10:15 PM

cve

alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.

8.8CVSS

8.7AI Score

0.001EPSS

2023-06-07 02:15 PM