CVE-2025-45315

Medium CVSS 5.4

Overview

A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter.

CWE: CWE-79 Published: 2025-08-13T18:15:31.367

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.4 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags