ByteOS Network

NVD Vulnerability Details :

CVE-2024-57329

Analyzed

Source-cve@mitre.org

Published At-23 Jan, 2025 | 22:15

Updated At-14 Aug, 2025 | 20:59

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CPE Matches

hortusfox>>hortusfox>>3.9

cpe:2.3:a:hortusfox:hortusfox:3.9:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57329	cve@mitre.org	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History