Description
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
Remediation
References
https://hackerone.com/reports/319794
Related Vulnerabilities
CVE-2023-24789 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent
CVE-2020-7627 Vulnerability in npm package node-key-sender
CVE-2021-32859 Vulnerability in npm package baremetrics-calendar
CVE-2023-31890 Vulnerability in maven package com.glazedlists:glazedlists
CVE-2010-1870 Vulnerability in maven package org.apache.struts:struts2-core