Le0Nsec

**Name of the Vulnerable Software and Affected Versions** OneNav version 0.9.14 **Description** An issue in the `index.php` file allows attackers to perform directory traversal. **Recommendations** For OneNav version 0.9.14, update to a version that fixes the issue in `index.php` to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** Alist versions 2.0.10 through 2.1.0 **Description** The issue is a cross-site scripting (XSS) vulnerability. It occurs via the "/i/:data/ipa.plist" API endpoint. This vulnerability was fixed in version 2.1.1. **Recommendations** For versions 2.0.10 through 2.1.0, update to version 2.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the "/i/:data/ipa.plist" API endpoint until the update is applied.