Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Lumis Subscribe
Filtered by product Lumis Experience Platform
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27931 1 Lumis 1 Lumis Experience Platform 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.