Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.9 views

CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

9.1CVSS6.8AI score0.18607EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-31071

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00678EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/09/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-33326

A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...

6.1CVSS5.9AI score0.0081EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.5 views

CVE-2024-33328

A cross-site scripting XSS vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...

6.1CVSS5.8AI score0.00448EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.2 views

CVE-2024-33327

A cross-site scripting XSS vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...

6.1CVSS5.8AI score0.00406EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.7 views

CVE-2024-33326

A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...

6.1CVSS5.8AI score0.0081EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.5 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...

7.5CVSS7AI score0.00678EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/07/11 12:0 a.m.277 views

LumisXP 16.1.x Cross Site Scripting

===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...

6.1CVSS7.1AI score0.00406EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/07/11 12:0 a.m.352 views

LumisXP 16.1.x Cross Site Scripting

===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...

7.1AI score0.00448EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/07/11 12:0 a.m.467 views

LumisXP 16.1.x Hardcoded Credentials / IDOR

===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...

7.1AI score0.00678EPSS
Exploits1
NVD
NVD
added 2024/06/26 7:15 p.m.22 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...

7.5CVSS0.00678EPSS
Exploits1References2
NVD
NVD
added 2024/06/26 7:15 p.m.25 views

CVE-2024-33327

A cross-site scripting XSS vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...

6.1CVSS0.00406EPSS
Exploits1References2
NVD
NVD
added 2024/06/26 7:15 p.m.25 views

CVE-2024-33326

A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...

6.1CVSS0.0081EPSS
Exploits1References2
NVD
NVD
added 2024/06/26 7:15 p.m.17 views

CVE-2024-33328

A cross-site scripting XSS vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...

6.1CVSS0.00448EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/26 12:0 a.m.14 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...

7AI score0.00678EPSS
Exploits1References2
CVE
CVE
added 2024/06/26 12:0 a.m.66 views

CVE-2024-33326

LumisXP/XuLumisxp vulnerability CVE-2024-33326 affects LumisXP versions 15.0.x through 16.1.x. The XSS is in the XsltResultControllerHtml.jsp component, exploitable via a crafted payload in the lumPageID parameter, allowing arbitrary JavaScript execution in the victim’s browser (impact: confident...

6.1CVSS5.6AI score0.0081EPSS
In wildExploits1References2
CVE
CVE
added 2024/06/26 12:0 a.m.53 views

CVE-2024-33328

CVE-2024-33328: LumisXP/Lumisxp versions 15.0.x–16.1.x have a cross-site scripting (XSS) vulnerability in the main.jsp component. The issue allows injection of arbitrary web scripts/HTML via the pageId parameter, as described across multiple sources (Red Hat, NVD, CNVD, PacketStorm, CVE records)....

6.1CVSS5.6AI score0.00448EPSS
Exploits1References2
CVE
CVE
added 2024/06/26 12:0 a.m.40 views

CVE-2024-33327

CVE-2024-33327 is an XSS vulnerability in Lumisxp/LumisXP with affected versions 15.0.x–16.1.x, exploitable via crafted payload in the contentHtml parameter of UrlAccessibilityEvaluation.jsp. This is documented across multiple sources (NVD, Red Hat, CNNVD, PacketStorm, CVE lists) with consistent ...

6.1CVSS5.6AI score0.00406EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/26 12:0 a.m.26 views

CVE-2024-33328

A cross-site scripting XSS vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter...

0.00448EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/26 12:0 a.m.23 views

CVE-2024-33327

A cross-site scripting XSS vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter...

0.00406EPSS
Exploits1References2
Rows per page
Query Builder