Public concrete5 bug reports.

Team Bounty Title
concrete5 - Stored XSS vulnerability in RSS Feeds Description field
concrete5 - Stored XSS in Name field in User Groups/Group Details form
concrete5 - Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload
concrete5 - Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]
concrete5 - Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0)
concrete5 - Password Reset link hijacking via Host Header Poisoning
concrete5 - Stored XSS in RSS Feeds Title (Concrete5 v8.1.0)
concrete5 - Stored XSS in Express Objects - Concrete5 v8.1.0
concrete5 - Content Spoofing possible in
concrete5 - CSRF Full Account Takeover
concrete5 - Full Page Caching Stored XSS Vulnerability
concrete5 - Local File Inclusion path bypass
concrete5 - ProBlog 2.6.6 CSRF Exploit
concrete5 - No CSRF protection when creating new community points actions, and related stored XSS
concrete5 - No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group
concrete5 - Multiple XSS Vulnerabilities in Concrete5
concrete5 - Local File Inclusion Vulnerability in Concrete5 version
concrete5 - SQL Injection Vulnerability in Concrete5 version
concrete5 - Sendmail Remote Code Execution Vulnerability in Concrete5 version
concrete5 - Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version
concrete5 - Multiple Reflected Cross Site Scripting Vulnerabilities in Concrete5 version
concrete5 - Multiple Cross Site Request Forgery Vulnerabilities in Concrete5 version
concrete5 - Stored XSS in Image Alt. Text
concrete5 - Stored XSS in Message to Display When No Pages Listed.
concrete5 - Stored XSS in Bio/Quote
concrete5 - Stored XSS In Company URL
concrete5 - Stored XSS in testimonial Company
concrete5 - Stored XSS in Testimonial Position
concrete5 - Stored XSS in Testimonial name
concrete5 - Stored Xss in Feature Paragraph
concrete5 - Stored XSS in Feature tile
concrete5 - Stored XSS in title of date navigation
concrete5 - Stored XSS in Title of the topic List
concrete5 - Stored XSS in Contact Form
concrete5 - Stored XSS on Search Title
concrete5 - Stored XSS on Title of Page List in edit page list
concrete5 - Stored XSS on Blog's page Tile
concrete5 - Self Xss on File Replace
concrete5 - Stored XSS in adding fileset
concrete5 - stored XSS in concrete5
concrete5 - SQL injection in conc/index.php/ccm/system/search/users/submit
concrete5 - Weak random number generator used in concrete/authentication/concrete/controller.php
concrete5 - Stored XSS in concrete5
concrete5 - broken authentication
concrete5 - XSS on [/concrete/concrete/elements/dashboard/sitemap.php]
concrete5 - Cross-Site Scripting in getMarketplacePurchaseFrame
concrete5 - ::: HeartBleed Attack (CVE-2014-0160)
concrete5 - page_controls_menu_js can reveal collection version of page
concrete5 - CONCRETE5 - path disclosure.
concrete5 - XSS IN member List (Because of City Textbox)
concrete5 - XSS in private message
concrete5 - dashboard/pages/types [Unknown column 'Array' in 'where clause'] disclosure.
concrete5 - /index.php/dashboard/sitemap/explore/ Cross-site scripting
concrete5 - Bypass
concrete5 - HttpOnly flag not set for cookie on
concrete5 - XSS in Theme Preview Tools File