Vulnerabilities > Ellislab

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-01	CVE-2018-17874	Cross-site Scripting vulnerability in Expressionengine ExpressionEngine before 4.3.5 has reflected XSS. network ellislab expressionengine CWE-79	4.3
2017-11-17	CVE-2017-1000160	Cross-site Scripting vulnerability in Expressionengine 3.4.2 EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection network ellislab CWE-79	3.5
2014-11-04	CVE-2014-5387	SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. network low complexity ellislab expressionengine CWE-89	6.5

Vulnerabilities > Ellislab {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ellislab"}]}