2 matches found
CVE-2018-16484
The CVE-2018-16484 entry concerns m-server prior to 1.4.2, where filenames displayed in directory listings are not escaped, allowing stored XSS via crafted filenames to execute malicious JavaScript/HTML. Affected component: m-server (module used for static HTTP serving); root cause: lack of escap...
CVE-2018-16484
A XSS vulnerability was found in module m-server 1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names...