Alist Security Vulnerabilities and Issues — Alist CVE List | Vulners.com

Lucene search

K

Alist ProjectAlist

8 matches found

CVE•added 2022/03/12 1:15 a.m.•82 views

CVE-2022-26533

Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.

6.1CVSS6AI score0.00228EPSS

CVE•added 2022/12/15 11:15 p.m.•66 views

CVE-2022-45969

Alist v3.4.0 is vulnerable to Directory Traversal,

9.8CVSS9.3AI score0.00448EPSS

CVE•added 2022/12/12 2:15 p.m.•58 views

CVE-2022-45968

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

8.8CVSS8.6AI score0.00107EPSS

CVE•added 2022/12/12 2:15 p.m.•48 views

CVE-2022-45970

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

5.4CVSS5.2AI score0.00092EPSS

CVE•added 2024/11/21 3:15 p.m.•47 views

CVE-2024-48747

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.

6.8CVSS7.6AI score0.00315EPSS

CVE•added 2023/05/23 10:15 p.m.•45 views

CVE-2023-31726

AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.

7.5CVSS7.4AI score0.01717EPSS

CVE•added 2023/06/07 2:15 p.m.•43 views

CVE-2023-33498

alist

8.8CVSS8.7AI score0.00107EPSS

CVE•added 2024/09/30 4:15 p.m.•43 views

CVE-2024-47067

AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up t...

6.1CVSS5.7AI score0.00025EPSS