A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
[
{
"product": "m-server",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "<1.4.2"
}
]
}
]