What the vulnerability does

01Description

A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.

Key dates

02Disclosure timeline

February 1, 2019 CVE published
August 5, 2024 Record updated