{"uuid": "f25b518b-2a0b-40c0-b77f-cf10660bdcd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27931", "type": "seen", "source": "https://t.me/cibsecurity/24429", "content": "\u203c CVE-2021-27931 \u203c\n\nLumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-03T22:45:43.000000Z"}