Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript by uploading SVG images with embedded JavaScript.
asustor data master 3.1.1