Filtered by vendor Lumis
Subscriptions
Filtered by product Lumis Experience Platform
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27931 | 1 Lumis | 1 Lumis Experience Platform | 2024-08-03 | 9.1 Critical |
| LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. | ||||
| CVE-2024-33328 | 1 Lumis | 1 Lumis Experience Platform | 2024-08-02 | N/A |
| A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter. | ||||
| CVE-2024-33327 | 1 Lumis | 1 Lumis Experience Platform | 2024-08-02 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter. | ||||
| CVE-2024-33329 | 1 Lumis | 1 Lumis Experience Platform | 2024-08-02 | N/A |
| A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. | ||||
| CVE-2024-33326 | 1 Lumis | 1 Lumis Experience Platform | 2024-08-02 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter. | ||||
Page 1 of 1.