Lucene search
HistoryDec 04, 2023 - 11:15 p.m.
CVE-2023-40461
acemanager
aleos
file upload
vulnerability
stored cross-site scripting
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
The ACEManager
component of ALEOS 4.16 and earlier allows an
authenticated user
with Administrator privileges to access a file
upload field which
does not fully validate the file name, creating a
Stored Cross-Site
Scripting condition.
Affected configurations
Node
sierrawirelessaleosRange≤4.16.0
sierrawirelesses450Match-
ORsierrawirelessgx450Match-
ORsierrawirelesslx40Match-
ORsierrawirelesslx60Match-
ORsierrawirelessmp70Match-
ORsierrawirelessrv50xMatch-
ORsierrawirelessrv55Match-
Related
cve
cve
CVE-2023-40461
2023-12-04 23:15:25
cvelist
cvelist
CVE-2023-40461 Cross-site scripting vulnerability in ACEManager
2023-12-04 22:52:13
prion
prion
Cross site scripting
2023-12-04 23:15:00
ics
ics
Sierra Wireless AirLink with ALEOS firmware
2023-12-07 12:00:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
Related for NVD:CVE-2023-40461