VYPR
Unrated severityNVD Advisory· Published Dec 4, 2023· Updated Feb 25, 2026

Cross-site scripting vulnerability in ACEManager

CVE-2023-40461

Description

The ACEManager component of ALEOS 4.16 and earlier allows an

authenticated user with Administrator privileges to access a file

upload field which does not fully validate the file name, creating a

Stored Cross-Site Scripting condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.