EPSS
Percentile
25.0%
github.com/alist-org/alist is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization in useradmin page which allows a remote attacker to inject and execute malicious javascript on the system.
useradmin
github.com/advisories/GHSA-957m-g6rf-4c2m
github.com/alist-org/alist/issues/2457