Lumis: Lumis Experience Platform

5 matches found

CVE
added 2021/03/03 8:15 p.m., 51 views

CVE-2021-27931

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

CVSS 9.1 | AI score 8.8 | EPSS 0.87858

CVE
added 2024/06/26 7:15 p.m., 43 views

CVE-2024-33328

A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.

CVSS 6.1 | AI score 5.6 | EPSS 0.00154

CVE
added 2024/06/26 7:15 p.m., 40 views

CVE-2024-33326

A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.

CVSS 6.1 | AI score 5.6 | EPSS 0.00105

CVE
added 2024/06/26 7:15 p.m., 38 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.

CVSS 7.5 | AI score 6.7 | EPSS 0.00206

CVE
added 2024/06/26 7:15 p.m., 32 views

CVE-2024-33327

A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.

CVSS 6.1 | AI score 5.6 | EPSS 0.00077