Hortusfox: >> Hortusfox >> 4.4 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-13
A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-13
A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-13
A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-08-13
A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-13