Lucene search

CVE-2024-33327

🗓️ 26 Jun 2024 19:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 28 Views🌐 WEB

Cross-site scripting vulnerability in Lumisxp v15.0.x to v16.1.

Reporter	Title	Published	Views	Family All 4
NVD	CVE-2024-33327	26 Jun 202419:15	–	nvd
Vulnrichment	CVE-2024-33327	26 Jun 202400:00	–	vulnrichment
Cvelist	CVE-2024-33327	26 Jun 202400:00	–	cvelist
Packet Storm	LumisXP 16.1.x Cross Site Scripting	11 Jul 202400:00	–	packetstorm

Source	Link
seclists	www.seclists.org/fulldisclosure/2024/Jul/9
gist	www.gist.github.com/rodnt/c53d4c95bb6966f0a2cf381ae5089c79

Parameter	Position	Path	Description	CWE
contentHtml	query param	/lumis/service/htmlevaluation/UrlAccessibilityEvaluation.jsp	XSS vulnerability allowing execution of arbitrary scripts via contentHtml parameter.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jun 2024 19:15Current

5.6Medium risk

Vulners AI Score5.6

CVSS36.1

EPSS0.00043

SSVC

CWE-79