Storage XSS vulnerability #2457
Comments
This can only be modified by the admin user. But you can do anything if you are an admin user.
Please make sure of the following things
alist and not something else (such as Dependencies or Operational).
Alist Version
v3.5.1
Driver used
Local
Describe the bug
A storage XSS vulnerability exists at the site's bulletin board.
Enter the malicious XSS payload here.
Visit the website homepage, and you will find the payload has been executed.
Reproduction
<script>alert(111);</script>
Logs
No response
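The behaviour reported above, shown as an added example that is not part of the original issue and is not alist's code: a stored announcement string rendered by raw concatenation next to a version that encodes it as text first. The function names and the `announcement` class are hypothetical; the only value taken from the report is the payload.

```javascript
// Added example: hypothetical rendering of an admin-set announcement string.
// None of these function names come from alist; they are assumptions.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so any tag saved in the setting becomes part of the page.
function renderAnnouncementUnsafe(stored) {
  return `<div class="announcement">${stored}</div>`;
}

// Hardened pattern: the stored value is treated as text. Line breaks are
// the only formatting kept, and they are added after escaping.
function renderAnnouncementSafe(stored) {
  const body = escapeHtml(stored).replace(/\r?\n/g, "<br>");
  return `<div class="announcement">${body}</div>`;
}

// The payload from the report, plus a constructed benign announcement.
const reported = "<script>alert(111);</script>";
const benign = "Maintenance on Friday\nUploads are read-only";

console.log(renderAnnouncementUnsafe(reported));
console.log(renderAnnouncementSafe(reported));
console.log(renderAnnouncementSafe(benign));
```

In a browser, assigning the stored value to `textContent` instead of building an HTML string gives the same result without a hand-written encoder.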