Accela Civic Platform Citizen Access portal cross-site scripting vulnerability

Accela Civic Platform Citizen Access portal is a web portal for citizens and government to connect and interact. Cross-site scripting vulnerabilities exist in the Accela Civic Platform Citizen Access portal. These vulnerabilities can be exploited by an attacker to steal cookie-based authenticatio...

Accela Civic Platform Citizen Access portal Arbitrary File Upload Vulnerability

The Accela Civic Platform Citizen Access portal is a web portal from Accela, Inc. that connects citizens to government. An arbitrary file upload vulnerability exists in the Accela Civic Platform Citizen Access portal, which can be exploited by an attacker to upload arbitrary files to a web server...

CVE-2016-5661

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified EventArgument and filename parameters...

CVE-2016-5660

Cross-site scripting XSS vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter...

Code injection

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified EventArgument and filename parameters...

Cross site scripting

Cross-site scripting XSS vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter...

CVE-2016-5660

CVE-2016-5660 is an XSS vulnerability in the Accela Civic Platform Citizen Access portal, specifically in AttachmentsList.aspx via the iframeid parameter. The issue allows remote attackers to inject arbitrary web script or HTML. Documents indicate vulnerability details but do not specify affected...

CVE-2016-5660

Cross-site scripting XSS vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter...

CVE-2016-5661

Accela Civic Platform Citizen Access portal is affected by CVE-2016-5661: Arbitrary file upload vulnerability where the portal relies on client-side file-type checks and an attacker can bypass these restrictions by manipulating the _EventArgument and filename parameters to upload arbitrary files....

Accela Civic Platform Citizen Access portal contains multiple vulnerabilities

Overview Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2016-5660Accela Civic Platform Citizen Access portal contains ...