Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability


The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Accela Technology
  • Accela BizSearch Enterprise Edition V3.0L10
  • Accela BizSearch Enterprise Edition V3.0L10A
  • Accela BizSearch Enterprise Edition V3.0L12
  • Accela BizSearch Enterprise Edition V3.1L10
  • Accela BizSearch Enterprise Edition V3.2L10v
  • Accela BizSearch Standard Edition V3.0L10
  • Accela BizSearch Standard Edition V3.0L10A
  • Accela BizSearch Standard Edition V3.0L12
  • Accela BizSearch Standard Edition V3.1L10
  • Accela BizSearch Standard Edition V3.2L10
  • Accela BizSearch Workgroup Edition V3.0L10
  • Accela BizSearch Workgroup Edition V3.0L10A
  • Accela BizSearch Workgroup Edition V3.0L12
  • Accela BizSearch Workgroup Edition V3.1L10
  • Accela BizSearch Workgroup Edition V3.2L10
  • eAccela BizSearch Enterprise Edition V1.0
  • eAccela BizSearch Enterprise Edition V2.0
  • eAccela BizSearch Enterprise Edition V2.0A
  • eAccela BizSearch Enterprise Edition V2.1
  • eAccela BizSearch Enterprise Edition V2.1L12
  • eAccela BizSearch Standard Edition V1.0
  • eAccela BizSearch Standard Edition V2.0
  • eAccela BizSearch Standard Edition V2.0A
  • eAccela BizSearch Standard Edition V2.1
  • eAccela BizSearch Standard Edition V2.1A
  • eAccela BizSearch Standard Edition V2.1L12
  • eAccela BizSearch Workgroup Edition V1.0
  • eAccela BizSearch Workgroup Edition V2.0
  • eAccela BizSearch Workgroup Edition V2.0A
  • eAccela BizSearch Workgroup Edition V2.1
  • eAccela BizSearch Workgroup Edition V2.1A
  • eAccela BizSearch Workgroup Edition V2.1L12


By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page (the "targeted website") via the Internet, a remote attacker could execute arbitrary code on the computer of the visitors (the "victims") who have accessed the website.

Please refer to the 'Vendor Information' and 'References' section for the countermeasures and take appropriate action.
Vendor Information

Accela Technology
  • Accela Technology Corporation : Top Page (Japanese)
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)


Revision History

  Web page published