A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/45xxx/CVE-2025-45313.json",
"cna_assigner": "mitre"
}