Vulnerabilities > Accela
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-09 | CVE-2021-34369 | Unspecified vulnerability in Accela Civic Platform 19.2/20.1 portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. | 6.5 |
2021-06-09 | CVE-2021-34370 | Cross-site Scripting vulnerability in Accela Civic Platform 19.2/20.1 Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. | 6.1 |
2021-06-07 | CVE-2021-33904 | Cross-site Scripting vulnerability in Accela Civic Platform In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. | 6.1 |
2016-07-15 | CVE-2016-5661 | Improper Access Control vulnerability in Accela Civic Platform Citizen Access Portal Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. | 8.8 |
2016-07-15 | CVE-2016-5660 | Cross-site Scripting vulnerability in Accela Civic Platform Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | 6.1 |