CVE-2025-45315
Published
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter.
GitHubSelf-hosted collaborative plant management and tracking system for plant enthusiasts
GitHub