Lucene search
K

5 matches found

Nuclei
Nuclei
added 17 hours ago29 views

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

6.1CVSS6AI score0.0081EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday36 views

LumisXP <10.0.0 - Blind XML External Entity Attack

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XML external entity XXE attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. id:...

9.1CVSS7.2AI score0.18607EPSS
Exploits1References4
OSV
OSV
added 2026/06/29 6:50 p.m.4 views

EEF-CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Summary Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: \full\info\string: true\ ar...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

9.1CVSS7.3AI score0.18607EPSS
Exploits1References1
CVE
CVE
added 2021/03/03 7:38 p.m.72 views

CVE-2021-27931

LumisXP

9.1CVSS8.8AI score0.18607EPSS
In wildExploits1References1Affected Software1
Rows per page
Query Builder