ReportizFlow
Filtered by vendor Xerte
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44665 | 1 Xerte | 1 Xerte | 2024-11-21 | 6.5 Medium |
| A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. | ||||
| CVE-2021-44664 | 1 Xerte | 1 Xerte | 2024-11-21 | 8.8 High |
| An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable. | ||||
Page 1 of 1.