Browse all 4 CVE security advisories affecting thexerteproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Xerte Project is an open-source e-learning content creation tool used for developing interactive educational resources. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The project maintains a moderate security profile with four CVEs recorded, primarily stemming from input validation weaknesses and improper access controls. While no major public security incidents have been documented, the consistent discovery of RCE vulnerabilities in multiple versions highlights ongoing challenges in secure coding practices. Users are advised to maintain current versions and implement additional security controls when deploying Xerte in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34413 | Xerte Online Toolkits Missing Authentication via connector.php — xerteonlinetoolkitsCWE-497 | 8.6 | High | 2026-04-22 |
| CVE-2026-34415 | Xerte Online Toolkits File Upload RCE via elfinder Connector — xerteonlinetoolkitsCWE-184 | 9.8 | Critical | 2026-04-22 |
| CVE-2026-34414 | Xerte Online Toolkits Path Traversal via connector.php — xerteonlinetoolkitsCWE-22 | 7.1 | High | 2026-04-22 |
| CVE-2026-41459 | Xerte Online Toolkits Path Disclosure via /setup — xerteonlinetoolkitsCWE-497 | 5.3 | Medium | 2026-04-22 |
This page lists every published CVE security advisory associated with thexerteproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.