An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.Referenceshttps://github.com/grymer/CVE/blob/master/CVE-2018-16718.md
