Vulnerabilities > Hoosk > Hoosk > 1.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-28 | CVE-2020-16610 | Cross-Site Request Forgery (CSRF) vulnerability in Hoosk Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). | 4.3 |
2018-09-10 | CVE-2018-16772 | Cross-site Scripting vulnerability in Hoosk 1.7.0 Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | 3.5 |
2018-09-10 | CVE-2018-16771 | Code Injection vulnerability in Hoosk 1.7.0 Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | 7.5 |
2018-03-01 | CVE-2018-7590 | Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0 CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | 6.8 |