Vulnerabilities > Hoosk

DATE CVE VULNERABILITY TITLE RISK
2022-11-16 CVE-2022-43234 Unrestricted Upload of File with Dangerous Type vulnerability in Hoosk 1.8.0
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
hoosk CWE-434
critical
9.8
2022-04-25 CVE-2022-28586 Cross-site Scripting vulnerability in Hoosk 1.8.0
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
network
hoosk CWE-79
4.3
2022-03-31 CVE-2021-43478 Unspecified vulnerability in Hoosk 1.8.0
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
network
low complexity
hoosk
5.5
2020-09-30 CVE-2020-26043 Cross-site Scripting vulnerability in Hoosk 1.8.0
An issue was discovered in Hoosk CMS v1.8.0.
network
hoosk CWE-79
4.3
2020-09-30 CVE-2020-26042 SQL Injection vulnerability in Hoosk 1.8.0
An issue was discovered in Hoosk CMS v1.8.0.
network
low complexity
hoosk CWE-89
7.5
2020-09-30 CVE-2020-26041 Unspecified vulnerability in Hoosk 1.8.0
An issue was discovered in Hoosk CmS v1.8.0.
network
low complexity
hoosk
7.5
2020-08-28 CVE-2020-16610 Cross-Site Request Forgery (CSRF) vulnerability in Hoosk
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF).
network
hoosk CWE-352
4.3
2018-09-10 CVE-2018-16772 Cross-site Scripting vulnerability in Hoosk 1.7.0
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
network
hoosk CWE-79
3.5
2018-09-10 CVE-2018-16771 Code Injection vulnerability in Hoosk 1.7.0
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
network
low complexity
hoosk CWE-94
7.5
2018-03-01 CVE-2018-7590 Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
network
hoosk CWE-352
6.8