CVE-2021-34369
- EPSS 6.77%
- Published 09.06.2021 12:15:08
- Last modified 21.11.2024 06:10:14
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized...
CVE-2021-34370
- EPSS 5.48%
- Published 09.06.2021 12:15:08
- Last modified 21.11.2024 06:10:15
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
CVE-2021-33904
- EPSS 6.9%
- Published 07.06.2021 12:15:09
- Last modified 21.11.2024 06:09:45
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
CVE-2016-5660
- EPSS 0.56%
- Published 15.07.2016 18:59:09
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.