Moderate severity · NVD Advisory · Published Sep 30, 2024 · Updated Sep 30, 2024
Alist Contains a Reflected Cross-Site Scripting Vulnerability
CVE-2024-47067
Description
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to an XSS vulnerability. This vulnerability is fixed in 3.29.0.
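The reflection pattern described above, next to an escaped variant, as an added example that is not AList's code or its actual fix. The function names, the `<plist><string>` wrapper and the sample input are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

const xhtmlNS = "http://www.w3.org/1999/xhtml"

// renderUnsafe pastes the path value into the XML body as-is (the flawed pattern).
func renderUnsafe(linkName string) string {
	return fmt.Sprintf(`<?xml version="1.0"?><plist><string>%s</string></plist>`, linkName)
}

// renderSafe escapes the value so it can only be parsed as character data.
func renderSafe(linkName string) (string, error) {
	var buf bytes.Buffer
	buf.WriteString(`<?xml version="1.0"?><plist><string>`)
	if err := xml.EscapeText(&buf, []byte(linkName)); err != nil {
		return "", err
	}
	buf.WriteString(`</string></plist>`)
	return buf.String(), nil
}

// hasXHTMLElement reports whether any element in doc resolves to the XHTML
// namespace, which is what makes a browser treat XML content as HTML.
func hasXHTMLElement(doc string) (bool, error) {
	dec := xml.NewDecoder(strings.NewReader(doc))
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return false, nil
		}
		if err != nil {
			return false, err
		}
		if se, ok := tok.(xml.StartElement); ok && se.Name.Space == xhtmlNS {
			return true, nil
		}
	}
}

func main() {
	in := `<a xmlns="http://www.w3.org/1999/xhtml">x</a>` // constructed sample value
	unsafeHit, _ := hasXHTMLElement(renderUnsafe(in))
	safeDoc, _ := renderSafe(in)
	safeHit, _ := hasXHTMLElement(safeDoc)
	fmt.Println("unsafe:", unsafeHit, "safe:", safeHit)
}
```

The same namespace check can be run in a regression test against any handler that returns application/xml built from request data.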
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/alist-org/alist/v3 (Go) | < 3.29.0 | 3.29.0 |
Affected products
- ghsa-coords (7 versions):
  - pkg:golang/github.com/alist-org/alist/v3 (no CPE), range: < 3.29.0
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 0.0.20241030T212825-150000.1.9.1
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 0.0.20241030T212825-150000.1.9.1
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed (no CPE), range: < 0.0.20241030T212825-1.1
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 (no CPE), range: < 0.0.20241030T212825-150000.1.9.1
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE), range: < 0.0.20241030T212825-150000.1.9.1
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Package%20Hub%2012 (no CPE), range: < 0.0.20241104T154416-5.1
- alist-org/alist (v5), range: < 3.29.0
References
- github.com/advisories/GHSA-8pph-gfhp-w226 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-47067 (ghsa, ADVISORY)
- securitylab.github.com/advisories/GHSL-2023-220_Alist (ghsa, ADVISORY)
- github.com/alist-org/alist/commit/6100647310594868e931f3de1188ddd8bde93b78 (ghsa, x_refsource_MISC, WEB)
- securitylab.github.com/advisories/GHSL-2023-220_Alist/ (mitre, x_refsource_CONFIRM)