Unrated severityNVD Advisory· Published Dec 4, 2023· Updated Feb 25, 2026
Cross-site scripting vulnerability in ACEManager
CVE-2023-40461
Description
The ACEManager component of ALEOS 4.16 and earlier allows an
authenticated user with Administrator privileges to access a file
upload field which does not fully validate the file name, creating a
Stored Cross-Site Scripting condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=4.16+ 1 more
- (no CPE)range: <=4.16
- (no CPE)range: 4.10
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.