VYPR

Xerte

by Xerte

Source repositories

CVEs (4)

  • CVE-2021-44665MedFeb 24, 2022
    risk 0.04cvss 6.5epss 0.08

    A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.

  • CVE-2021-44664HigFeb 24, 2022
    risk 0.04cvss 8.8epss 0.13

    An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can…

  • CVE-2021-44663CriFeb 24, 2022
    risk 0.00cvss 9.8epss 0.04

    A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.

  • CVE-2021-44662MedFeb 24, 2022
    risk 0.00cvss 6.1epss 0.01

    A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.