Skip to main content

Hoosk CVE-2022-28586

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-04-25 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 25, 2022 - 13:15 nvd
MEDIUM 6.1

DescriptionNVD

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.

AnalysisAI

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. Affected products include: Hoosk.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Hoosk

View all
CVE-2022-43234 CRITICAL POC
9.8 Nov 16

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary

CVE-2020-26042 CRITICAL POC
9.8 Sep 30

An issue was discovered in Hoosk CMS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2020-26041 CRITICAL POC
9.8 Sep 30

An issue was discovered in Hoosk CmS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2018-16771 CRITICAL POC
9.8 Sep 10

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

CVE-2024-51055 MEDIUM POC
6.5 Nov 08

An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php componen

CVE-2025-25990 MEDIUM POC
6.1 Feb 14

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the

CVE-2020-26043 MEDIUM POC
6.1 Sep 30

An issue was discovered in Hoosk CMS v1.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitabl

CVE-2025-25991 MEDIUM POC
5.1 Feb 14

SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /instal

CVE-2025-25988 MEDIUM POC
4.8 Feb 14

Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custo

CVE-2018-16772 MEDIUM POC
4.8 Sep 10

Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. Rated medium severity (CVSS 4

CVE-2018-7590 HIGH
8.8 Mar 01

CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. Rated high severity (CVSS 8.8), this

CVE-2020-16610 MEDIUM POC
4.3 Aug 28

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3),

Share

CVE-2022-28586 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy