Description e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. Remediation References CVE-2018-16381 Related Vulnerabilities WordPress Plugin Spectra-WordPress Gutenberg Blocks Multiple Security Bypass Vulnerabilities (2.3.0) WordPress Plugin WooCommerce Smart Coupons Security Bypass (4.6.0) Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005) WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.1) WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.3) Severity Medium Classification CVE-2018-16381 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities