danielbrendel/hortusfox-web

danielbrendel/hortusfox-web

www.hortusfox.com

Releases43

Frequency2 weeks 6 days

Last Release about 1 month ago

Stars1.56K

Self-hosted collaborative plant management and tracking system for plant enthusiasts

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-45314 ↗	Aug 13, 2025Wednesday, 13 August 2025, 18:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function.
CVE-2025-45315 ↗	Aug 13, 2025Wednesday, 13 August 2025, 18:15	5.4 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter.
CVE-2025-45316 ↗	Aug 13, 2025Wednesday, 13 August 2025, 18:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.
CVE-2025-45317 ↗	Aug 13, 2025Wednesday, 13 August 2025, 18:15	6.5 MEDIUM	—
A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.