EPSS
Percentile
24.8%
Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving.
m-server
Update to version 1.4.2 or later.
github.com/advisories/GHSA-gmxv-xf2q-6j8m
github.com/nodejs/security-wg/blob/master/vuln/npm/467.json
hackerone.com/reports/319794
nvd.nist.gov/vuln/detail/CVE-2018-16484
www.npmjs.com/advisories/729