accela CVE Vulnerabilities & Metrics

Focus on accela vulnerabilities and metrics.

Last updated: 25 Nov 2025, 23:25 UTC

About accela Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with accela. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total accela CVEs: 6
Earliest CVE date: 15 Jul 2016, 18:59 UTC
Latest CVE date: 19 Sep 2025, 16:15 UTC

Latest CVE reference: CVE-2025-57644

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Charts not reproduced: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical accela CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 3.9

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 1
4.0-6.9 5
7.0-8.9 0
9.0-10.0 0

[Chart not reproduced: CVSS Distribution]

Top 5 Highest CVSS accela CVEs

These are the five CVEs with the highest CVSS scores for accela, sorted by severity first and then by recency.

All CVEs for accela

CVE-2025-57644 accela vulnerability CVSS: 0 19 Sep 2025, 16:15 UTC

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation.

CVE-2021-34370 accela vulnerability CVSS: 4.3 09 Jun 2021, 12:15 UTC

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information."

CVE-2021-34369 accela vulnerability CVSS: 4.0 09 Jun 2021, 12:15 UTC

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable."

CVE-2021-33904 accela vulnerability CVSS: 4.3 07 Jun 2021, 12:15 UTC

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information."

CVE-2016-5661 accela vulnerability CVSS: 6.5 15 Jul 2016, 18:59 UTC

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.

CVE-2016-5660 accela vulnerability CVSS: 4.3 15 Jul 2016, 18:59 UTC

Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.