CVE Daily

CVE-2025-45314

A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfo...

Medium CVSS 6.1

Overview

A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function.

CWE: CWE-79 Published: 2025-08-13T18:15:31.237
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags