Storage XSS vulnerability

[Shydlock]

Please make sure of the following things

• I have read the documentation.
• I'm sure there are no duplicate issues or discussions.
• I'm sure it's due to alist and not something else(such as Dependencies or Operational).
• I'm sure I'm using the latest version

Alist Version / Alist 版本

v3.5.1

Driver used / 使用的存储驱动

Local

Describe the bug / 问题描述

A storage xss vulnerability exists at the site's bulletin board

• Enter the malicious xss payload here
  

• Visit the website homepage, and will find the payload has been executed
  

Reproduction / 复现链接

<script>alert(111);</script>

Logs / 日志

No response

[xhofe]

This can only be modified by the admin user. But you can do anything if you are admin user.

[github-actions]

Hello @Shydlock, your issue is invalid and will be closed.
你好 @Shydlock，你的issue无效，将被关闭。