← Back

Xerte

xerte

Vendor: Xerte • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-44665
1Xerte
1Xerte
Jun 17, 2026
Feb 24, 2022
N/A· v4
6.5 MEDIUM· v3
3.5 LOW· v2
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.
CVE-2021-44664
1Xerte
1Xerte
Jun 17, 2026
Feb 24, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a lang...Show more
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable.Show less