VYPR
Vendor: Lumis

Products: 1
CVEs: 4
Across products: 4
Status: Private

Products (1)

Recent CVEs (4)
  • CVE-2024-33329 | High | Jun 26, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information.

  • CVE-2024-33328 | Medium | Jun 26, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the pageId parameter.

  • CVE-2024-33327 | Medium | Jun 26, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contentHtml parameter.

  • CVE-2021-27931 | Mar 3, 2021
    risk 0.07 | cvss | epss 0.19

    LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.