Filtered by vendor Accela
Subscribe
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34370 | 1 Accela | 1 Civic Platform | 2024-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information. | |||||
| CVE-2021-34369 | 1 Accela | 1 Civic Platform | 2024-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable. | |||||
| CVE-2021-33904 | 1 Accela | 1 Civic Platform | 2024-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information. | |||||
| CVE-2016-5660 | 1 Accela | 1 Civic Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | |||||
| CVE-2016-5661 | 1 Accela | 1 Civic Platform Citizen Access Portal | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. | |||||