m-server is vulnerable to cross-site scripting (XSS). It is possible for an attacker to embed an iframe
containing malicious Javascript code via filenames. This is due to a lack of output encoding when the m-server displays content of the selected directory.