CVE-2021-33904

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)

Exploit Title: Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting XSS Exploit Author: Abdulazeez Alaseeri Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Tested on: JBoss server/windows Type: Web App Date: 06/07/2021 CVE: CVE-2021-33904...

CVE-2021-33904

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

CVE-2021-33904

Accela Civic Platform

PT-2021-20359 · Accela · Accela Civic Platform

Name of the Vulnerable Software and Affected Versions: Accela Civic Platform versions prior to 21.2 Description: The issue concerns a security problem where the servProvCode parameter in the "security/hostSignon.do" endpoint is vulnerable to XSS. The vendor has noted that there are configurable...