4 matches found
VulnCheck KEV: CVE-2024-33326
A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...
CVE-2024-33327
A cross-site scripting XSS vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...
CVE-2024-33329
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...
Lumisxp Cross-Site Scripting Vulnerability
LumisXP is a cloud-based digital experience software from Lumis Inc. which helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in Lumisxp versions 15.0.x through 16.1.x, which stems from susceptibility to a cross-site...