This page lists publicly disclosed CVE vulnerabilities affecting accela civic_platform (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-34370 | Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information. | [email protected] | 6.1 | 8.46% | 2021-06-09 | 2024-11-21 |
| CVE-2021-34369 | portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable. | [email protected] | 6.5 | 6.77% | 2021-06-09 | 2024-11-21 |
| CVE-2021-33904 | In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information. | [email protected] | 6.1 | 10.84% | 2021-06-07 | 2024-11-21 |
| CVE-2016-5660 | Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | [email protected] | 6.1 | 3.48% | 2016-07-15 | 2026-05-06 |