Severity: moderate

Cross-Site Scripting

m-server

Overview

Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving.

Remediation

Update to version 1.4.2 or later.

Advisory timeline

  1. Created

    2018-11-07T21:40:56.783Z
  2. Updated

    2018-11-07T21:41:02.797Z