In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-07T11:40:46
Updated: 2021-09-28T13:20:40
Reserved: 2021-06-07T00:00:00
Link: CVE-2021-33904
JSON object: View
NVD Information
Status : Modified
Published: 2021-06-07T12:15:09.107
Modified: 2024-05-17T01:58:07.877
Link: CVE-2021-33904
JSON object: View
Redhat Information
No data.
CWE