Skip to main content

Civic Platform

4 CVEs product

Monthly

CVE-2021-34370 MEDIUM POC This Month

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.0%
CVE-2021-34369 MEDIUM POC This Month

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.2%
CVE-2021-33904 MEDIUM POC THREAT This Month

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.1%
CVE-2016-5660 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Civic Platform
NVD
CVSS 3.1
6.1
EPSS
3.5%
EPSS 10% CVSS 6.1
MEDIUM POC This Month

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Civic Platform
NVD GitHub Exploit-DB
EPSS 8% CVSS 6.5
MEDIUM POC This Month

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Civic Platform
NVD GitHub Exploit-DB
EPSS 10% CVSS 6.1
MEDIUM POC THREAT This Month

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Civic Platform
NVD GitHub Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Civic Platform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy