ExpressionEngine


19 total issues disclosed

$0 total paid publicly


Most disclosed (3 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| License verification mechanism can be bypassed | Use of a Broken or Risky Cryptographic Algorithm | unbaiat | Low | 2018-09-28 |
| Persistent XSS via malicious license file | Cross-site Scripting (XSS) - Stored | unbaiat | Medium | 2018-09-28 |
| XML Member Proccessing - Local File inclusion Vulnerability | None supplied | lawrenceamer | Low | 2018-05-21 |
| Import File Converter - local File inclusion | None supplied | lawrenceamer | Low | 2018-05-18 |
| RCE By import channel field | Command Injection - Generic | khaledibnalwalid | High | 2018-04-20 |
| [EE] change the author of post using the author_id | Insecure Direct Object Reference (IDOR) | flex0geek | Low | 2018-04-20 |
| [EE] Spoof the redirect process | Open Redirect | flex0geek | Low | 2018-04-20 |
| Arbitrary file upload when setting an avatar | Code Injection | strukt | No rating | 2018-04-04 |
| Remote Code Execution in the Import Channel function | None supplied | strukt | Medium | 2018-04-04 |
| Reflective XSS | Cross-site Scripting (XSS) - Generic | hogarth45 | No rating | 2017-09-29 |
| Potential code injection in fun delete_directory | Code Injection | freetom | Medium | 2017-09-07 |
| Image lib - unescaped file path | Code Injection | freetom | Medium | 2017-09-07 |
| Open redirects protection bypass | Open Redirect | strukt | Medium | 2017-06-16 |
| Type Juggling -> PHP Object Injection -> SQL Injection Chain | Cryptographic Issues - Generic | jstnkndy | No rating | 2017-02-07 |
| Arbitrary SQL query execution and reflected XSS in the "SQL Query Form" | Denial of Service | strukt | No rating | 2016-08-18 |
| Filename and directory enumeration | Information Disclosure | strukt | No rating | 2016-08-08 |
| Full path + some back-end code disclosure | Information Disclosure | strukt | No rating | 2016-08-07 |
| Stored Cross-Site Scripting Vulnerability in /admin.php?/cp/admin_system/general_configuration | Cross-site Scripting (XSS) - Generic | deadlock | No rating | 2014-11-17 |
| Cross Site Scripting (Stored) | Cross-site Scripting (XSS) - Generic | charan-eis | No rating | 2014-09-30 |