Vulnerability Details CVE-2018-16484
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2018-16484
-
cpe:2.3:a:m-server_project:m-server:0.0.1
-
cpe:2.3:a:m-server_project:m-server:0.0.2
-
cpe:2.3:a:m-server_project:m-server:1.0.0
-
cpe:2.3:a:m-server_project:m-server:1.0.1
-
cpe:2.3:a:m-server_project:m-server:1.0.2
-
cpe:2.3:a:m-server_project:m-server:1.0.3
-
cpe:2.3:a:m-server_project:m-server:1.0.4
-
cpe:2.3:a:m-server_project:m-server:1.1.4
-
cpe:2.3:a:m-server_project:m-server:1.1.7
-
cpe:2.3:a:m-server_project:m-server:1.1.8
-
cpe:2.3:a:m-server_project:m-server:1.2.0
-
cpe:2.3:a:m-server_project:m-server:1.2.1
-
cpe:2.3:a:m-server_project:m-server:1.3.0
-
cpe:2.3:a:m-server_project:m-server:1.3.1
-
cpe:2.3:a:m-server_project:m-server:1.3.2
-
cpe:2.3:a:m-server_project:m-server:1.3.3
-
cpe:2.3:a:m-server_project:m-server:1.3.4
-
cpe:2.3:a:m-server_project:m-server:1.4.0
-
cpe:2.3:a:m-server_project:m-server:1.4.1