Primary

Context

Hoosk CMS Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Hoosk CMS version 1.7.1, specifically within the '/install/index.php' component. This issue allows remote attackers to inject malicious scripts that could be executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, navigate to the '/install/index.php' component of Hoosk CMS version 1.7.1. Inject an incorrect SQL syntax into the 'siteName' parameter. The application will respond by outputting SQL statements, which can be manipulated to include a script tag payload, such as '<script>alert(1)</script>'. This injected script will be executed, demonstrating the cross-site scripting vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hoosk CMS Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

hooskcms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating