Hoosk

hoosk

14 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25991 1Hoosk 1Hoosk Apr 18, 2025 Feb 14, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVE-2025-25990 1Hoosk 1Hoosk Apr 18, 2025 Feb 14, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
CVE-2025-25988 1Hoosk 1Hoosk Apr 18, 2025 Feb 14, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.
CVE-2024-51055 1Hoosk 1Hoosk Apr 18, 2025 Nov 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.
CVE-2022-43234 1Hoosk 1Hoosk Apr 30, 2025 Nov 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28586 1Hoosk 1Hoosk Nov 21, 2024 Apr 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
CVE-2021-43478 1Hoosk 1Hoosk Nov 21, 2024 Mar 31, 2022 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2020-26043 1Hoosk 1Hoosk Nov 21, 2024 Sep 30, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
CVE-2020-26042 1Hoosk 1Hoosk Nov 21, 2024 Sep 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
CVE-2020-26041 1Hoosk 1Hoosk Nov 21, 2024 Sep 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
CVE-2020-16610 1Hoosk 1Hoosk Nov 21, 2024 Aug 28, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention...Show more Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.Show less
CVE-2018-16772 1Hoosk 1Hoosk Nov 21, 2024 Sep 10, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
CVE-2018-16771 1Hoosk 1Hoosk Nov 21, 2024 Sep 10, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
CVE-2018-7590 1Hoosk 1Hoosk Nov 21, 2024 Mar 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.