Vendor: Alist
Products: 1
CVEs: 6 (across products: 6)
Status: Private

Products: 1 (6 CVEs)
Recent CVEs: 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33498 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 7, 2023 | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. |
| CVE-2022-45969 | | Cri | 0.57 | 9.8 | 0.01 | | Dec 15, 2022 | Alist v3.4.0 is vulnerable to Directory Traversal, |
| CVE-2022-45968 | | Hig | 0.50 | 8.8 | 0.01 | | Dec 12, 2022 | Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). |
| CVE-2023-31726 | | Hig | 0.49 | 7.5 | 0.01 | | May 23, 2023 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. |
| CVE-2022-45970 | | Med | 0.35 | 5.4 | 0.00 | | Dec 12, 2022 | Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. |
| CVE-2022-26533 | | Med | 0.33 | 6.1 | 0.01 | | Mar 12, 2022 | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. |