In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.
Published June 7, 2021.
Accela Civic Platform