CVE-2016-5660
Description
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in AttachmentsList.aspx of Accela Civic Platform Citizen Access portal allows arbitrary script injection via the iframeid parameter.
Vulnerability
The iframeid parameter in AttachmentsList.aspx of Accela Civic Platform Citizen Access portal is vulnerable to cross-site scripting (XSS) [1]. An attacker can inject arbitrary web script or HTML via this parameter, which is not properly sanitized. The vulnerability is classified as CWE-79 [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by crafting a malicious URL with a iframeid parameter containing JavaScript payload. When a victim accesses this URL, the script executes in the context of the victim's browser session [1]. No user interaction beyond clicking the link is required.
Impact
Successful exploitation allows the attacker to execute arbitrary script in the victim's browser. This can lead to session hijacking, defacement, or theft of sensitive information accessible in the portal context [1].
Mitigation
As of the publication date, the vendor (Accela) indicated that a fix was being produced, but no patch or version information is available [1]. Users are advised to contact their Accela customer support representative for updates [1]. No workaround is provided.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.kb.cert.org/vuls/id/665280nvdThird Party AdvisoryUS Government Resource
- www.kb.cert.org/vuls/id/JLAD-ABMPVAnvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/91765nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.