VYPR

Alist

by Alist

CVEs (6)

  • CVE-2023-33498Jun 7, 2023
    risk 0.00cvss epss 0.01

    alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.

  • CVE-2023-31726May 23, 2023
    risk 0.00cvss epss 0.01

    AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.

  • CVE-2022-45969Dec 15, 2022
    risk 0.00cvss epss 0.01

    Alist v3.4.0 is vulnerable to Directory Traversal,

  • CVE-2022-45970Dec 12, 2022
    risk 0.00cvss epss 0.00

    Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

  • CVE-2022-45968Dec 12, 2022
    risk 0.00cvss epss 0.01

    Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).

  • CVE-2022-26533Mar 12, 2022
    risk 0.00cvss epss 0.01

    Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.