漏洞描述
Accela Civic Platform Citizen Access portal是美国Accela公司的一套用于公民和政府连接交流互动的门户网站。 Accela Civic Platform Citizen Access portal中存在跨站脚本漏洞和任意文件上传漏洞。攻击者可利用这些漏洞窃取基于cookie的身份认证信息,在浏览器上下文中执行任意脚本,上传任意文件到Web服务器。
Accela Civic Platform Citizen Access portal 跨站脚本漏洞和任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC openvpn-as-config-exposure: OpenVPN Access Server - Configuration Exposure
- POC cacti-guest-access-enabled: Cacti - Guest User Access Enabled
- POC CVE-2021-21246: OneDev < 4.0.3 - User Access Token Leak
- POC CVE-2022-0188: CMP WordPress < 4.0.19 - Broken Access Control
- POC CVE-2025-55303: Astro - Unauthorized Third-Party Image Access
- POC CVE-2026-23550: Modular DS - Broken Access Control
- POC servicestack-requestlogs: ServiceStack Request Logs - Unauthenticated Access
- POC adminbro-dashboard-exposure: AdminBro Dashboard - Unauthenticated Access
- POC fortra-filecatalyst-anonymous-access: Fortra FileCatalyst - Anonymous Access
- POC CVE-2020-9039: Couchbase Server - Broken Access Control
- POC CVE-2021-28799: QNAP HBS 3 - Broken Access Control
- POC CVE-2021-37598: WP Cerber < 8.9.3 - Broken Access Control
- POC jhipster-default-login: JHipster Platform - Default Login