CVE-2016-5660
MEDIUMAccela Civic Platform - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
Scores
CVSS v3
6.1
EPSS
0.0348
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Affected Products (1)
accela/civic_platform
Timeline
Published
Jul 15, 2016
Tracked Since
Feb 18, 2026