VYPR
Vendor

hortusfox

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-45317MedAug 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.

  • CVE-2025-45313MedAug 13, 2025
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.

  • CVE-2025-45316MedAug 13, 2025
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.

  • CVE-2024-57329MedJan 23, 2025
    risk 0.35cvss 5.4epss 0.00

    HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.