Vulnerabilities (CVE)

Filtered by vendor Lumis
Filtered by product Lumis Experience Platform
Total 1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2021-27931 | 1 Lumis | 1 Lumis Experience Platform | 2021-03-10 | 6.4 MEDIUM | 9.1 CRITICAL
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.