CVE-2022-45970: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 12, 2022

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

References

github.com/advisories/GHSA-957m-g6rf-4c2m
github.com/alist-org/alist/issues/2457
nvd.nist.gov/vuln/detail/CVE-2022-45970

Detect and mitigate CVE-2022-45970 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →