Hoosk
by Hootware
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7590 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 1, 2018 | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. |
| CVE-2018-16772 | | Med | 0.31 | 4.8 | 0.01 | | Sep 10, 2018 | Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. |
| CVE-2024-51055 | | | 0.00 | — | 0.01 | | Nov 8, 2024 | An issue in Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. |
| CVE-2022-43234 | | | 0.00 | — | 0.01 | | Nov 16, 2022 | An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-28586 | | | 0.00 | — | 0.01 | | Apr 25, 2022 | XSS in the edit page of Hoosk 1.8.0 allows an attacker to execute JavaScript code in the user's browser via the edit page, with an XSS payload that bypasses the filter on some special characters. |
| CVE-2021-43478 | | | 0.00 | — | 0.01 | | Mar 31, 2022 | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. |