This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.
A CGI script on the remote web server is vulnerable to an XSS attack.
The remote Simple File Manager CGI (fm.php) improperly validates
the names of the directories entered and created by the user.
As a result, a user could generate a cross-site scripting attack
on this host.
Upgrade to SFM 0.21 or newer.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true