CVE-2024-57329

Name of the Vulnerable Software and Affected Versions HortusFox version 3.9

Description The issue is related to a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.

Recommendations For HortusFox version 3.9, as a temporary workaround, consider disabling the "Add Plant" function until a patch is available. Restrict access to the name input field in the "Add Plant" function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.