Cross-site scripting vulnerability in ACEManager
CVE-2023-40461

4.8MEDIUM

Key Information:

Vendor

SierraWireless

Status
ALEOS
Vendor
CVE Published:
4 December 2023

What is CVE-2023-40461?

The ACEManager component of ALEOS 4.16 and earlier allows an

authenticated user with Administrator privileges to access a file

upload field which does not fully validate the file name, creating a

Stored Cross-Site Scripting condition.

Affected Version(s)

ALEOS 4.10 <= 4.16

ALEOS 0 <= 4.9.8

References

https://source.sierrawireless.com/resources/security-bull...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.