VYPR

Hoosk

by Hootware

CVEs (6)

  • CVE-2018-7590HigMar 1, 2018
    risk 0.57cvss 8.8epss 0.01

    CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.

  • CVE-2018-16772MedSep 10, 2018
    risk 0.31cvss 4.8epss 0.01

    Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.

  • CVE-2024-51055Nov 8, 2024
    risk 0.00cvss epss 0.01

    An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.

  • CVE-2022-43234Nov 16, 2022
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-28586Apr 25, 2022
    risk 0.00cvss epss 0.01

    XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.

  • CVE-2021-43478Mar 31, 2022
    risk 0.00cvss epss 0.01

    A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.