Vulnerabilities > Ellislab
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-01 | CVE-2018-17874 | Cross-site Scripting vulnerability in Expressionengine ExpressionEngine before 4.3.5 has reflected XSS. | 4.3 |
2017-11-17 | CVE-2017-1000160 | Cross-site Scripting vulnerability in Expressionengine 3.4.2 EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | 3.5 |
2014-11-04 | CVE-2014-5387 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | 6.5 |