Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

ICS
ICSadded 2023/12/07 7:0 a.m.60 views

Sierra Wireless AirLink with ALEOS firmware

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Sierra Wireless Equipment : AirLink Vulnerabilities : Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded...

8.1CVSS8AI score0.013EPSS
Exploits2References8
OSV
OSVadded 2023/12/04 11:15 p.m.2 views

CVE-2023-40461

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition...

4.8CVSS5.8AI score
Exploits0References1
CVE
CVEadded 2023/12/04 10:52 p.m.41 views

CVE-2023-40461

CVE-2023-40461 : Stored Cross-Site Scripting in the ACEManager file upload field of Sierra Wireless AirLink ALEOS (versions 4.16 and earlier). An authenticated administrator can upload files with names that are not fully validated, enabling client-side script execution within ACEManager and affec...

8.1CVSS6AI score0.0001EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder