What is CVE-2021-27931?

CVE-2021-27931 is a vulnerability in N/a. Published 2021-03-03.

Is CVE-2021-27931 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-27931

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files…

EPSS: 0.894 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

github.com/sl4cky/LumisXP-XXE---POC/blob/main/poc.txt (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-27931?: CVE-2021-27931 is a vulnerability in N/a. Published 2021-03-03.
Is CVE-2021-27931 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.