CVE-2023-40461 Information

Description

The ACEManager component of ALEOS 4.16 and earlier allows an

authenticated user with Administrator privileges to access a file

upload field which does not fully validate the file name creating a

Stored Cross-Site Scripting condition.

Reference

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006/#sthash.6KUVtE6w.dpbs