Vulnerabilities for 'Lumis experience platform'

2021-03-03
 
CVE-2021-27931

CWE-611
 

 
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

 


Copyright 2024, cxsecurity.com

 
