e107 2.1.8 has XSS via the e107admin/users.php?mode=main&action=list userloginname parameter.
{ "cpe": "cpe:2.3:a:e107:e107:2.1.8:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "2.1.8" }, { "last_affected": "2.1.8" } ], "source": "CPE_STRING" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16381.json"