CVE-2024-57329

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-57329
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57329.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-57329
Published
2025-01-23T22:15:15.060Z
Modified
2026-04-10T05:19:33.691379Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.

References

Affected packages

Git / github.com/danielbrendel/hortusfox-web

Affected ranges

Type
GIT
Repo
https://github.com/danielbrendel/hortusfox-web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
22eca0229ffbb010883569c1b9f3c7daf91234ce
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.9"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.1
v1.2
v1.3
v1.4
v1.5
v1.6
v2.*
v2.0
v2.1
v2.2
v2.3
v2.4
v2.5
v3.*
v3.0
v3.1
v3.2
v3.3
v3.4
v3.5
v3.6
v3.7
v3.8
v3.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57329.json"