Lumis Experience Platform Security Vulnerabilities and Issues — Lumis Experience Platform CVE List

Lucene search

LumisLumis Experience Platform

4 matches found

CVE•added 2024/06/26 7:15 p.m.•43 views

CVE-2024-33328

A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.

6.1CVSS5.6AI score0.00259EPSS

CVE•added 2024/06/26 7:15 p.m.•40 views

CVE-2024-33326

A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.

6.1CVSS5.6AI score0.00181EPSS

CVE•added 2024/06/26 7:15 p.m.•38 views

CVE-2024-33329

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.

7.5CVSS6.7AI score0.00043EPSS

CVE•added 2024/06/26 7:15 p.m.•32 views

CVE-2024-33327

A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.

6.1CVSS5.6AI score0.00123EPSS