EPSS
Percentile
34.0%
github.com/xhofe/alist is vulnerable to cross-site scripting. The vulnerability exists in the Plist function in other.go because the user input parameters are not filtered which allows an attacker to inject and execute arbitrary javascript.
Plist
other.go
github.com/advisories/GHSA-jpj5-hg26-6jgc
github.com/Xhofe/alist/commit/6af17e2509a400979420f613fd7f2f9721fdcd6e
github.com/Xhofe/alist/issues/645