Civic Platform

civic_platform

Vendor: Accela • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-34370 1Accela 1Civic Platform Nov 21, 2024 Jun 9, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
CVE-2021-34369 1Accela 1Civic Platform Nov 21, 2024 Jun 9, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that...Show more portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.Show less
CVE-2021-33904 1Accela 1Civic Platform Nov 21, 2024 Jun 7, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the a...Show more In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.Show less
CVE-2016-5660 1Accela 1Civic Platform May 6, 2026 Jul 15, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.