CVE-2024-57329

Publication date

2025-01-23 00:00:00

Family

mitre

State

PUBLISHED

Description

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.