CNNVD-202508-1436 Information

CNNVD ID

CNNVD-202508-1436

Related CVE

CVE-2025-45313

• CNNVD Published: 2025-08-13

Description (Chinese)

HortusFox是HortusFox公司的一个免费且开源的自托管植物管理器系统。 HortusFox v4.4存在安全漏洞，该漏洞源于对/tasks端点中参数title的错误操作导致跨站脚本攻击。

Description (English)

HortusFox is a free and open-source plant manager system of HortusFox. There is a security loophole in HortusFox v.4 which stems from an error in the title of the parameters in the /tasks endpoint resulting in a cross-stop script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HortusFox

Published

2025-08-13

Last Modified

2026-02-24

References

http://hortusfox-web.com https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-45313/CVE-2025-45313.md https://access.redhat.com/security/cve/cve-2025-45313

Patch

https://www.hortusfox.com/