CNNVD-202508-1419 Information

CNNVD ID

CNNVD-202508-1419

CVE-2025-45316

  • CNNVD Published: 2025-08-13

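Description (translated from Chinese)

HortusFox is a free and open-source self-hosted plant manager system from HortusFox. HortusFox v4.4 contains a security vulnerability that stems from insufficient input validation of the name parameter in the TextBlockModule.php component, which may lead to cross-site scripting attacks.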

Description (English)

HortusFox is a free and open-source plant manager system from HortusFox. HortusFox v4.4 has a security vulnerability caused by inadequate validation of the name parameter in the TextBlockModule.php component, which may result in a cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

HortusFox

Published

2025-08-13

Last Modified

2026-02-24

References

  • https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/views/chat.php#L66
  • https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/modules/TextBlockModule.php#L15
  • https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-45316/CVE-2025-45316.md
  • https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/models/ChatMsgModel.php#L47
  • https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/modules/TextBlockModule.php#L201
  • https://nvd.nist.gov/vuln/detail/CVE-2025-45316
  • https://access.redhat.com/security/cve/cve-2025-45316

Patch

https://www.hortusfox.com/
