Vulnerability Details CVE-2021-33904
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.123
EPSS Ranking 93.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html
- https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21
- http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html
- https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21
Products affected by CVE-2021-33904
-
cpe:2.3:a:accela:civic_platform:-
-
cpe:2.3:a:accela:civic_platform:19.2
-
cpe:2.3:a:accela:civic_platform:20.1
-
cpe:2.3:a:accela:civic_platform:20.2
-
cpe:2.3:a:accela:civic_platform:21.1