CVE-2021-33904 PoC — Accela Civic Platform 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-33904.yaml

Associated Vulnerability

Title:Accela Civic Platform 跨站脚本漏洞 (CVE-2021-33904)
Description:Accela Civic Platform是Accela公司的应用软件基于云的解决方案使城市系统现代化，以实现土地管理和法规执行、增加公民参与和移动信息访问 Accela 存在跨站脚本漏洞，该漏洞源于Accela平台缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Description

Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode.

File Snapshot


 id: CVE-2021-33904

info:
  name: Accela Civic Platform <=21.1 - Cross-Site Scripting
  author: geek

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!