Vendor: Alist
Products: 1
CVEs: 6
Across products: 6
Status: Private

Products
1- 6 CVEs

Recent CVEs: 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33498 | | | 0.00 | — | 0.01 | | Jun 7, 2023 | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. |
| CVE-2023-31726 | | | 0.00 | — | 0.01 | | May 23, 2023 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. |
| CVE-2022-45969 | | | 0.00 | — | 0.01 | | Dec 15, 2022 | Alist v3.4.0 is vulnerable to Directory Traversal, |
| CVE-2022-45968 | | | 0.00 | — | 0.01 | | Dec 12, 2022 | Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). |
| CVE-2022-45970 | | | 0.00 | — | 0.00 | | Dec 12, 2022 | Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. |
| CVE-2022-26533 | | | 0.00 | — | 0.01 | | Mar 12, 2022 | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. |