Lucene search
K
AlistgoAlist

9 matches found

CVE
CVE
added 2022/03/12 12:29 a.m.95 views

CVE-2022-26533

CVE-2022-26533 concerns Alist v2.1.0 and below, where an XSS vulnerability exists via /i/:data/ipa.plist. The root cause is improper input handling in the Plist function (other.go), allowing injected JavaScript. Affected versions: v2.0.10–2.1.0; mitigation/fix is stated as applied in version 2.1....

6.1CVSS6AI score0.00705EPSS
Web
CVE
CVE
added 2024/09/30 3:39 p.m.86 views

CVE-2024-47067

CVE-2024-47067 affects AList, a file list program with multiple storages. The endpoint /i/:link_name reflects user input in an application/xml response, introducing a reflected XSS vulnerability via HTML/XHTML tags. The issue is fixed in version 3.29.0.

6.1CVSS5.7AI score0.00398EPSS
Web
CVE
CVE
added 2022/12/15 12:0 a.m.81 views

CVE-2022-45969

CVE-2022-45969 targets Alist v3.4.0 and enables a Directory Traversal via bypass of the base path restriction, allowing an attacker to access or place files at arbitrary paths. Evidence from multiple sources confirms the affected product/version and the bypass path, with high-severity impacts (Co...

9.8CVSS9.3AI score0.01175EPSS
CVE
CVE
added 2022/12/12 12:0 a.m.74 views

CVE-2022-45968

Alist v3.4.0 is affected by a File Upload vulnerability where a user with only upload permission can place files into any folder, including password-protected ones. This CVE entry (CVE-2022-45968) is corroborated by multiple connected records (Red Hat, GHSA, OSV, NVD) confirming the same vulnerab...

8.8CVSS8.6AI score0.00973EPSS
CVE
CVE
added 2022/12/12 12:0 a.m.64 views

CVE-2022-45970

CVE-2022-45970 affects Alist v3.5.1 with a Cross-Site Scripting (XSS) vulnerability in the bulletin board component. The root cause is described in a GitLab YAML as improper neutralization of input during web page generation. This enables arbitrary script execution in the context of users visitin...

5.4CVSS5.2AI score0.00465EPSS
CVE
CVE
added 2023/05/23 12:0 a.m.60 views

CVE-2023-31726

AList 3.15.1 is affected by an Incorrect Access Control vulnerability that can lead to information disclosure. Evidence across multiple sources (NVD, Red Hat CVE page, OSV) confirms the vulnerability exists and that the impact is high for confidentiality, with network attack and no required user ...

7.5CVSS7.4AI score0.01058EPSS
CVE
CVE
added 2023/06/07 12:0 a.m.57 views

CVE-2023-33498

CVE-2023-33498 affects the AList project (

8.8CVSS8.7AI score0.00737EPSS
CVE
CVE
added 2026/02/04 7:40 p.m.22 views

CVE-2026-25160

CVE-2026-25160 affects Alist prior to 3.57.0, where TLS certificate verification is disabled by default for all outgoing storage communications. This insecure TLS configuration enables potential Man-in-the-Middle (MitM) attacks, allowing interception, decryption, and possible tampering of data du...

9.1CVSS5.2AI score0.00234EPSS
CVE
CVE
added 2026/02/04 7:40 p.m.17 views

CVE-2026-25161

CVE-2026-25161 affects Alist up to version 3.56.x, with a path traversal flaw in multiple file operation handlers. By injecting traversal sequences into filename components, an authenticated user can bypass directory-level authorisation and perform unauthorised removal, movement, or copying of fi...

8.8CVSS5.4AI score0.00721EPSS