Arbitrary Web Script Injection Vulnerability in Accela Civic Platform Citizen Access Portal

Arbitrary Web Script Injection Vulnerability in Accela Civic Platform Citizen Access Portal

CVE-2016-5660 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.

Learn more about our Web App Pen Testing.