.. / CVE-2021-34370

Exploit for Accela Civic Platform <=21.1 - Cross-Site Scripting (CVE-2021-34370)

Description:

Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via ssoAdapter/logoutAction.do successURL.

Nuclei Template

View the template here CVE-2021-34370.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-34370.yaml
Copy

References:

https://github.com/ARPSyndicate/cvemon
https://www.accela.com/civic-platform/
https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
https://www.exploit-db.com/exploits/49990
https://nvd.nist.gov/vuln/detail/CVE-2021-34370