m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that
m-server is serving.
Update to version 1.4.2 or later.
Have content suggestions? Send them to [email protected]