This page aggregates CVEs and security vulnerability information across hoosk-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Published issues most often involve cross-site scripting, SQL injection, and CSRF, and in production workloads and software deployments they can carry exposure risks such as session compromise and data exposure.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-25991 | SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | [email protected] | 5.1 | 0.05% | 2025-02-14 | 2025-04-18 |
| CVE-2025-25990 | Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | [email protected] | 6.1 | 0.19% | 2025-02-14 | 2025-04-18 |
| CVE-2025-25988 | Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. | [email protected] | 4.8 | 0.23% | 2025-02-14 | 2025-04-18 |
| CVE-2024-51055 | An issue in Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. | [email protected] | 6.5 | 1.36% | 2024-11-08 | 2025-04-18 |
| CVE-2022-43234 | An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | [email protected] | 9.8 | 0.76% | 2022-11-16 | 2025-04-30 |
| CVE-2022-28586 | XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. | [email protected] | 6.1 | 0.19% | 2022-04-25 | 2024-11-21 |
| CVE-2021-43478 | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. | [email protected] | 5.4 | 0.34% | 2022-03-31 | 2024-11-21 |
| CVE-2020-26043 | An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | [email protected] | 6.1 | 0.24% | 2020-09-30 | 2024-11-21 |
| CVE-2020-26042 | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | [email protected] | 9.8 | 0.26% | 2020-09-30 | 2024-11-21 |
| CVE-2020-26041 | An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in install/index.php | [email protected] | 9.8 | 2.65% | 2020-09-30 | 2024-11-21 |
| CVE-2020-16610 | Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | [email protected] | 4.3 | 0.20% | 2020-08-28 | 2024-11-21 |
| CVE-2018-16772 | Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | [email protected] | 4.8 | 0.24% | 2018-09-10 | 2024-11-21 |
| CVE-2018-16771 | Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | [email protected] | 9.8 | 1.14% | 2018-09-10 | 2024-11-21 |
| CVE-2018-7590 | CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | [email protected] | 8.8 | 0.07% | 2018-03-01 | 2024-11-21 |