HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.
Add your gear to cvedb and we'll alert you only when hortusfox ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.