36 matches found
CVE-2021-27931
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...
EUVD-2024-31071
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2024-33326
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...
CVE-2024-33328
A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...
CVE-2024-33327
A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...
CVE-2024-33326
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...
CVE-2024-33329
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...
LumisXP 16.1.x Cross Site Scripting
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
LumisXP 16.1.x Hardcoded Credentials / IDOR
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
LumisXP 16.1.x Cross Site Scripting
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
CVE-2024-33327
A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...
CVE-2024-33329
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...
CVE-2024-33328
A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...
CVE-2024-33326
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...
CVE-2024-33328
A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...
CVE-2024-33326
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...
CVE-2024-33328
CVE-2024-33328: LumisXP/Lumisxp versions 15.0.x–16.1.x have a cross-site scripting (XSS) vulnerability in the main.jsp component. The issue allows injection of arbitrary web scripts/HTML via the pageId parameter, as described across multiple sources (Red Hat, NVD, CNVD, PacketStorm, CVE records)....
LumisXP Security Vulnerability
LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker exploited the vulnerability to bypas...
CVE-2024-33326
LumisXP/Lumisxp vulnerability CVE-2024-33326 affects LumisXP versions 15.0.x through 16.1.x. The XSS is in the XsltResultControllerHtml.jsp component, exploitable via a crafted payload in the lumPageID parameter, allowing arbitrary JavaScript execution in the victim’s browser (impact: confident...
LumisXP Security Vulnerability
LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker can exploit the vulnerability to...