Vulnerabilities > Hoosk > Hoosk > 1.7.0

DATE CVE VULNERABILITY TITLE RISK
2020-08-28 CVE-2020-16610 Cross-Site Request Forgery (CSRF) vulnerability in Hoosk
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF).
network
hoosk CWE-352
4.3
4.3
2018-09-10 CVE-2018-16772 Cross-site Scripting vulnerability in Hoosk 1.7.0
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
network
hoosk CWE-79
3.5
3.5
2018-09-10 CVE-2018-16771 Code Injection vulnerability in Hoosk 1.7.0
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
network
low complexity
hoosk CWE-94
7.5
7.5
2018-03-01 CVE-2018-7590 Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
network
hoosk CWE-352
6.8
6.8