Vulnerabilities > CVE-2021-27931 - XXE vulnerability in Lumis Experience Platform
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |