4 matches found
CVE-2022-26533
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.
CVE-2022-45969
Alist v3.4.0 is vulnerable to Directory Traversal.
CVE-2022-45968
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).
CVE-2022-45970
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.