PT-2022-19093 · Hoosk · Hoosk

Nhienit2010

Published

2022-04-25

Updated

2022-05-03

CVE-2022-28586

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Hoosk version 1.8.0

Description The issue allows an attacker to execute javascript code in a user's browser via the edit page with an XSS payload, bypassing filters for some special characters.

Recommendations For Hoosk version 1.8.0, update to a version that includes a fix for this issue, as using the edit page with an XSS payload can lead to the execution of malicious javascript code in the user's browser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-28586

Affected Products

Hoosk

PT-2022-19093 · Hoosk · Hoosk

CVE-2022-28586

Weakness Enumeration

Related Identifiers

Affected Products

References · 5