[github.com/Xhofe/alist] Cross-site Scripting in Alist

Alist versions 2.0.10 through 2.1.0 were discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. This issue was fixed in version 2.1.1.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-26533
• https://github.com/Xhofe/alist/issues/645
• https://github.com/Xhofe/alist/commit/6af17e2509a400979420f613fd7f2f9721fdcd6e
• https://github.com/advisories/GHSA-jpj5-hg26-6jgc