ExpressionEngine - HackerOne Reports
Total Reports: 29 | Critical: 0 | High: 5 | Medium: 9 | Low: 11
Authenticated RCE via page title
Reported by: sum-catnip | Disclosed:
Severity: Medium
Weakness: Code Injection
RCE By import channel field
Reported by: khaledibnalwalid | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Persistent XSS via malicious license file
Reported by: unbaiat | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Import/Convert user file exposure leading to logins/passwords/PII leak.
Reported by: d0bby | Disclosed:
Severity: Low
Weakness: Insecure Storage of Sensitive Information
Stored XSS filter bypass on discussion forum. "URL" tag.
Reported by: d0bby | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Arbitrary forum topic close with GET CSRF.
Reported by: d0bby | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
Comment/channel unsubscribe GET CSRF
Reported by: d0bby | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
SQL injection at /admin.php?/cp/members/create
Reported by: khoabda1 | Disclosed:
Severity: Medium
Weakness: SQL Injection
[EE] Spoof the redirect process
Reported by: flex0geek | Disclosed:
Severity: Low
Weakness: Open Redirect
Page 2 of 2