Reports in concrete cms program: S.No Title Bounty 1 CSRF Full Account Takeover $0.0 2 Local File Inclusion path bypass $0.0 3 Full Page Caching Stored XSS Vulnerability $0.0 4 Stored XSS in RSS Feeds Title (Concrete5 v8.1.0) $0.0 5 Stored XSS in Express Objects - Concrete5 v8.1.0 $0.0 6 Password Reset link hijacking via Host Header Poisoning $0.0 7 Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ] $0.0 8 Content Spoofing possible in concrete5.org $0.0 9 Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0) $0.0 10 Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload $0.0 11 Stored XSS in Name field in User Groups/Group Details form $0.0 12 Stored XSS vulnerability in RSS Feeds Description field $0.0 13 Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap] $0.0 14 SSRF thru File Replace $0.0 15 Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1 $0.0 16 Host Header Injection allow HiJack Password Reset Link $0.0 17 Reflected XSS vulnerability in Database name field on installation screen $0.0 18 'cnvID' parameter vulnerable to Insecure Direct Object References $0.0 19 Stored XSS on Add Event in Calendar $0.0 20 Stored XSS on Add Calendar $0.0 21 SVG file that HTML Included is able to upload via File Manager $0.0 22 Unauthenticated reflected XSS in preview_as_user function $0.0 23 XSS in select attribute options $0.0 24 Administrators can add other administrators $0.0 25 Stored XSS on express entries $0.0 26 Stored XSS in the file search filter $0.0 27 Remote Code Execution through Extension Bypass on Log Functionality $0.0 28 Remote Code Execution (Reverse Shell) - File Manager $0.0 29 Time-base SQL Injection in Search Users $0.0 30 Cross Site Scripting (XSS) Stored - Private messaging $0.0 31 Unauthenticated HTML Injection Stored - ContactUs form $0.0 32 Fetching the update json scheme from concrete5 over HTTP leads to remote code execution $0.0 33 Phar Deserialization Vulnerability via Logging Settings $0.0 34 SSRF bypass $0.0 35 Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text" $0.0 36 Authenticated path traversal to RCE $0.0 37 Stored unauth XSS in calendar event via CSRF $0.0 38 Arbitrary File delete via PHAR deserialization $0.0 39 A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution $0.0 40 SSRF - pivoting in the private LAN $0.0 41 open redirect to a remote website which can phish users $0.0 42 SSRF mitigation bypass using DNS Rebind attack $0.0