CVE-2016-5660

Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
References
Link Resource
http://www.kb.cert.org/vuls/id/665280 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-ABMPVA Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/91765 Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/665280 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-ABMPVA Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/91765 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:accela:civic_platform:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:54

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/665280 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/665280 - Third Party Advisory, US Government Resource
References () http://www.kb.cert.org/vuls/id/JLAD-ABMPVA - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/JLAD-ABMPVA - Third Party Advisory, US Government Resource
References () http://www.securityfocus.com/bid/91765 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/91765 - Third Party Advisory, VDB Entry

Information

Published : 2016-07-15 18:59

Updated : 2024-11-21 02:54


NVD link : CVE-2016-5660

Mitre link : CVE-2016-5660

CVE.ORG link : CVE-2016-5660


JSON object : View

Products Affected

accela

  • civic_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')