RSS   Podatności dla 'Hoosk'   RSS

2022-04-25
 
CVE-2022-28586

CWE-79
 

 
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.

 
2020-09-30
 
CVE-2020-26043

CWE-79
 

 
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php

 
 
CVE-2020-26042

CWE-89
 

 
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php

 
 
CVE-2020-26041

NVD-CWE-noinfo
 

 
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php

 
2020-08-28
 
CVE-2020-16610

CWE-352
 

 
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.

 
2018-09-10
 
CVE-2018-16772

CWE-79
 

 
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.

 
 
CVE-2018-16771

CWE-94
 

 
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

 
2018-03-01
 
CVE-2018-7590

CWE-352
 

 
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.

 


Copyright 2024, cxsecurity.com

 

Back to Top