Vulnerability Details CVE-2021-34370
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-Site-Scripting-Open-Redirection.html
- https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
- http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-Site-Scripting-Open-Redirection.html
- https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
Products affected by CVE-2021-34370
-
cpe:2.3:a:accela:civic_platform:-
-
cpe:2.3:a:accela:civic_platform:19.2
-
cpe:2.3:a:accela:civic_platform:20.1