Accela Civic Platform vulnerabilities
3 known vulnerabilities affecting accela/civic_platform.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-34369P3MEDIUMCVSS 6.5PoC≤ 20.12021-06-09
CVE-2021-34369 [MEDIUM] CVE-2021-34369: portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attacke
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
nvd
CVE-2021-33904P3MEDIUMCVSS 6.1PoC≤ 21.12021-06-07
CVE-2021-33904 [MEDIUM] CWE-79 CVE-2021-33904: In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerab
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
nvd
CVE-2021-34370P3MEDIUMCVSS 6.1PoC≤ 20.12021-06-09
CVE-2021-34370 [MEDIUM] CWE-79 CVE-2021-34370: Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendo
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
nvd