CVE-2024-57329

Medium CVSS: 5.4

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.

Vendor

Hortusfox

Product

Hortusfox

CWE

CWE-79

Yayın Tarihi

2025-01-23 22:15:15

Güncelleme

2025-08-14 20:59:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Hortusfox MEDIUM Hortusfox 2025

Referanslar

https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57329

Benzer Kayıtlar

Medium

CVE-2025-45313

A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbi…

Medium

CVE-2025-45314

A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute a…

Medium

CVE-2025-45315

A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers…

Medium

CVE-2025-45316

A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers t…

Medium

CVE-2025-45317

A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute ar…