Alist versions 2.0.10 through 2.1.0 were discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. This issue was fixed in version 2.1.1.
{ "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-03-23T15:47:27Z", "nvd_published_at": "2022-03-12T01:15:00Z", "cwe_ids": [ "CWE-79" ] }