Vulnerabilities (CVE)

Filtered by vendor Accela Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34370 1 Accela 1 Civic Platform 2021-06-17 4.3 MEDIUM 6.1 MEDIUM
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.
CVE-2021-34369 1 Accela 1 Civic Platform 2021-06-16 4.0 MEDIUM 6.5 MEDIUM
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value.
CVE-2021-33904 1 Accela 1 Civic Platform 2021-06-11 4.3 MEDIUM 6.1 MEDIUM
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.
CVE-2016-5660 1 Accela 1 Civic Platform 2020-08-25 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
CVE-2016-5661 1 Accela 1 Civic Platform Citizen Access Portal 2016-11-28 6.5 MEDIUM 8.8 HIGH
Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.