Hoosk Security Vulnerabilities and Issues — Hoosk CVE List

Lucene search

HooskHoosk

14 matches found

CVE•added 2025/02/14 5:15 p.m.•80 views

CVE-2025-25988

Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.

4.8CVSS6.7AI score0.00042EPSS

CVE•added 2025/02/14 5:15 p.m.•67 views

CVE-2025-25991

SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.

5.1CVSS7.6AI score0.00047EPSS

CVE•added 2025/02/14 5:15 p.m.•64 views

CVE-2025-25990

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.

6.1CVSS6.1AI score0.00046EPSS

CVE•added 2022/03/31 7:15 p.m.•60 views

CVE-2021-43478

A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.

5.5CVSS5.3AI score0.00258EPSS

CVE•added 2022/11/16 3:15 p.m.•56 views

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2022/04/25 1:15 p.m.•51 views

CVE-2022-28586

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.

6.1CVSS6.1AI score0.00212EPSS

CVE•added 2024/11/08 7:15 p.m.•41 views

CVE-2024-51055

An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.

6.5CVSS8.1AI score0.00516EPSS

CVE•added 2018/09/10 4:29 a.m.•34 views

CVE-2018-16772

Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.

4.8CVSS4.8AI score0.00235EPSS

CVE•added 2020/09/30 6:15 p.m.•34 views

CVE-2020-26042

An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php

9.8CVSS9.7AI score0.00264EPSS

CVE•added 2018/03/01 10:29 p.m.•33 views

CVE-2018-7590

CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.

8.8CVSS8.7AI score0.00141EPSS

CVE•added 2020/09/30 6:15 p.m.•32 views

CVE-2020-26041

An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php

9.8CVSS9.7AI score0.02647EPSS

CVE•added 2018/09/10 4:29 a.m.•31 views

CVE-2018-16771

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

9.8CVSS9.6AI score0.01201EPSS

CVE•added 2020/08/28 5:15 p.m.•28 views

CVE-2020-16610

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.

4.3CVSS4.5AI score0.002EPSS

CVE•added 2020/09/30 6:15 p.m.•28 views

CVE-2020-26043

An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php

6.1CVSS5.9AI score0.0024EPSS