exploitDog

GHSA-2rf2-p79x-79wj

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

Ссылки

EPSS

Процентиль: 100%

0.91224

Критический

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2021-27931

CVSS3: 9.1

nvd

почти 5 лет назад

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

EPSS

Процентиль: 100%

0.91224

Критический

CVE ID

Дефекты

CWE-611