Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
114044.9%CRITICAL

Related CVEs

14
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-25991SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.MEDIUM5.115.3%Feb 14, 2025
CVE-2025-25990Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.MEDIUM6.117.3%Feb 14, 2025
CVE-2025-25988Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.MEDIUM4.816.0%Feb 14, 2025
CVE-2024-51055An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.MEDIUM6.544.5%Nov 8, 2024
CVE-2022-43234An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.CRITICAL9.8Nov 16, 2022
CVE-2022-28586XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.MEDIUM6.1Apr 25, 2022
CVE-2021-43478A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.MEDIUM5.4Mar 31, 2022
CVE-2020-26043An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.phpMEDIUM6.148.5%Sep 30, 2020
CVE-2020-26042An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.phpCRITICAL9.863.1%Sep 30, 2020
CVE-2020-26041An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.phpCRITICAL9.884.4%Sep 30, 2020
CVE-2020-16610Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.MEDIUM4.329.1%Aug 28, 2020
CVE-2018-16772Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.NONE47.3%Sep 10, 2018
CVE-2018-16771Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.NONE83.9%Sep 10, 2018
CVE-2018-7590CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.NONE44.2%Mar 1, 2018