CNNVD-202508-1418 Information

CNNVD ID

CNNVD-202508-1418

Related CVE

CVE-2025-45315

• CNNVD Published: 2025-08-13

Description (Chinese)

HortusFox是HortusFox公司的一个免费且开源的自托管植物管理器系统。 HortusFox v4.4存在安全漏洞，该漏洞源于对/controller/admin.php端点中参数email的错误操作导致跨站脚本攻击。

Description (English)

HortusFox is a free and open-source plant manager system of HortusFox. There is a security loophole in HortusFox v.4 which stems from an error in the email parameter in/controller/admin.php endpoint resulting in a cross-stop script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HortusFox

Published

2025-08-13

Last Modified

2026-02-24

References

https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/controller/admin.php#L192 https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-45315/CVE-2025-45315.md http://hortusfox-web.com https://nvd.nist.gov/vuln/detail/CVE-2025-45315 https://access.redhat.com/security/cve/cve-2025-45315

Patch

https://www.hortusfox.com/