Cross site scripting

2019-02-0118:29:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.

CPENameOperatorVersion
m-serverlt1.4.2

CPE	Name	Operator	Version
	m-server	lt	1.4.2

References

hackerone.com/reports/319794