Vulnerability Description
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Accela | Civic Platform | <= 20.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-SitExploitThird Party AdvisoryVDB Entry
- https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8ExploitThird Party Advisory
- http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-SitExploitThird Party AdvisoryVDB Entry
- https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8ExploitThird Party Advisory
FAQ
What is CVE-2021-34370?
CVE-2021-34370 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the availab...
How severe is CVE-2021-34370?
CVE-2021-34370 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34370?
Check the references section above for vendor advisories and patch information. Affected products include: Accela Civic Platform.