Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hoosk Subscribe
Filtered by product Hoosk
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43234 1 Hoosk 1 Hoosk 2022-11-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28586 1 Hoosk 1 Hoosk 2022-05-03 4.3 MEDIUM 6.1 MEDIUM
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
CVE-2021-43478 1 Hoosk 1 Hoosk 2022-04-11 5.5 MEDIUM 5.4 MEDIUM
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2020-26041 1 Hoosk 1 Hoosk 2020-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
CVE-2020-26043 1 Hoosk 1 Hoosk 2020-10-02 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
CVE-2020-26042 1 Hoosk 1 Hoosk 2020-10-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
CVE-2020-16610 1 Hoosk 1 Hoosk 2020-09-02 4.3 MEDIUM 4.3 MEDIUM
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
CVE-2018-16771 1 Hoosk 1 Hoosk 2018-09-24 7.5 HIGH 9.8 CRITICAL
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
CVE-2018-16772 1 Hoosk 1 Hoosk 2018-09-24 3.5 LOW 4.8 MEDIUM
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
CVE-2018-7590 1 Hoosk 1 Hoosk 2018-03-16 6.8 MEDIUM 8.8 HIGH
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.