CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

RedhatCVE•added 2026/03/27 2:23 p.m.•8 views

CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

9.1CVSS6.8AI score0.18607EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-31071

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00678EPSS

Exploits1References3

VulnCheck KEV•added 2025/09/25 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-33326

A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...

6.1CVSS5.9AI score0.0081EPSS

In wildExploits1References2

RedhatCVE•added 2025/05/23 9:24 a.m.•4 views

CVE-2024-33328

A cross-site scripting XSS vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...

6.1CVSS5.8AI score0.00448EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:24 a.m.•1 views

CVE-2024-33327

A cross-site scripting XSS vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...

6.1CVSS5.8AI score0.00406EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:24 a.m.•6 views

CVE-2024-33326

6.1CVSS5.8AI score0.0081EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:24 a.m.•4 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...

7.5CVSS7AI score0.00678EPSS

Exploits1References1

Packet Storm•added 2024/07/11 12:0 a.m.•276 views

LumisXP 16.1.x Cross Site Scripting

===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...

6.1CVSS7.1AI score0.00406EPSS

Exploits1

Packet Storm•added 2024/07/11 12:0 a.m.•455 views

LumisXP 16.1.x Hardcoded Credentials / IDOR

7.1AI score0.00678EPSS

Exploits1

Packet Storm•added 2024/07/11 12:0 a.m.•346 views

LumisXP 16.1.x Cross Site Scripting

7.1AI score0.00448EPSS

Exploits1

NVD•added 2024/06/26 7:15 p.m.•16 views

CVE-2024-33327

6.1CVSS0.00406EPSS

Exploits1References2

NVD•added 2024/06/26 7:15 p.m.•13 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...

7.5CVSS0.00678EPSS

Exploits1References2

NVD•added 2024/06/26 7:15 p.m.•17 views

CVE-2024-33328

6.1CVSS0.00448EPSS

Exploits1References2

NVD•added 2024/06/26 7:15 p.m.•24 views

CVE-2024-33326

6.1CVSS0.0081EPSS

Exploits1References2

Positive Technologies•added 2024/06/26 12:0 a.m.•3 views

PT-2024-25202 · Lumisxp · Lumisxp

Name of the Vulnerable Software and Affected Versions: Lumisxp versions 15.0.x through 16.1.x Description: A cross-site scripting XSS issue in the XsltResultControllerHtml.jsp component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID...

6.1CVSS6.3AI score0.0081EPSS

Exploits1References7

CVE•added 2024/06/26 12:0 a.m.•39 views

CVE-2024-33327

CVE-2024-33327 is an XSS vulnerability in Lumisxp/LumisXP with affected versions 15.0.x–16.1.x, exploitable via crafted payload in the contentHtml parameter of UrlAccessibilityEvaluation.jsp. This is documented across multiple sources (NVD, Red Hat, CNNVD, PacketStorm, CVE lists) with consistent ...

6.1CVSS5.6AI score0.00406EPSS

Exploits1References2

CVE•added 2024/06/26 12:0 a.m.•52 views

CVE-2024-33328

CVE-2024-33328: LumisXP/Lumisxp versions 15.0.x–16.1.x have a cross-site scripting (XSS) vulnerability in the main.jsp component. The issue allows injection of arbitrary web scripts/HTML via the pageId parameter, as described across multiple sources (Red Hat, NVD, CNVD, PacketStorm, CVE records)....

6.1CVSS5.6AI score0.00448EPSS

Exploits1References2

CNNVD•added 2024/06/26 12:0 a.m.•4 views

Lumisxp Cross-Site Scripting Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. which helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in Lumisxp versions 15.0.x through 16.1.x, which stems from susceptibility to a cross-site...

6.1CVSS6.1AI score0.0081EPSS

Exploits1References3

CNNVD•added 2024/06/26 12:0 a.m.•3 views

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker exploited the vulnerability to bypas...

7.5CVSS7AI score0.00678EPSS

Exploits1References2

CNNVD•added 2024/06/26 12:0 a.m.•1 views

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP version v15.0.x through v16.1.x. An attacker can exploit the vulnerability to...

6.1CVSS6.8AI score0.00406EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by