GCVE - cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Accela (`ef5230de-3bd7-5f66-b508-68f537a8199e`)
Product	Civic Platform (`57571b18-0735-568d-8666-04b9681b33b9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-34370`	vulnerable	2026-06-03 14:44:44.766219	Details available Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information. Published: 2021-06-09T11:32:33.000Z Updated: 2024-08-04T00:12:49.990Z Open on db.gcve.eu Reference links https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8 http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-Site-Scripting-Open-Redirection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-34369`	vulnerable	2026-06-03 14:44:44.765901	Details available portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable. Published: 2021-06-09T11:32:43.000Z Updated: 2024-08-04T00:12:49.890Z Open on db.gcve.eu Reference links https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7 http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33904`	vulnerable	2026-06-03 14:44:44.374757	Details available In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information. Published: 2021-06-07T11:40:46.000Z Updated: 2024-08-04T00:05:51.668Z Open on db.gcve.eu Reference links https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21 http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.