CVE-2021-34370

Опубликовано: 09 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.

Ссылки

http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-Site-Scripting-Open-Redirection.html
Exploit
Third Party Advisory
VDB Entry
https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/163115/Accela-Civic-Platform-21.1-Cross-Site-Scripting-Open-Redirection.html
Exploit
Third Party Advisory
VDB Entry
https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:*

Версия до 20.1 (включая)

EPSS

Процентиль: 93%

0.11651

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m5fq-23j5-h7j7