Vulnerabilities > Accela

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-34369 Unspecified vulnerability in Accela Civic Platform 19.2/20.1
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value.
network
low complexity
accela
6.5
2021-06-09 CVE-2021-34370 Cross-site Scripting vulnerability in Accela Civic Platform 19.2/20.1
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.
network
low complexity
accela CWE-79
6.1
2021-06-07 CVE-2021-33904 Cross-site Scripting vulnerability in Accela Civic Platform
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.
network
low complexity
accela CWE-79
6.1
2016-07-15 CVE-2016-5661 Improper Access Control vulnerability in Accela Civic Platform Citizen Access Portal
Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.
network
low complexity
accela CWE-284
8.8
2016-07-15 CVE-2016-5660 Cross-site Scripting vulnerability in Accela Civic Platform
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
network
low complexity
accela CWE-79
6.1