Vulnerabilities > CVE-2021-27931 - XXE vulnerability in Lumis Experience Platform
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |