{"id":"CVE-2025-45315","details":"A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter.","modified":"2026-04-02T12:48:35.343150Z","published":"2025-08-13T18:15:31.367Z","references":[{"type":"WEB","url":"https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/controller/admin.php#L192"},{"type":"WEB","url":"http://hortusfox-web.com"},{"type":"PACKAGE","url":"https://github.com/danielbrendel/hortusfox-web"},{"type":"EVIDENCE","url":"https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-45315/CVE-2025-45315.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/danielbrendel/hortusfox-web","events":[{"introduced":"0"},{"last_affected":"72ed3d329595144bfa3d450b69e53d4b810260b0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.4"}]}}],"versions":["v1.0","v1.1","v1.2","v1.3","v1.4","v1.5","v1.6","v2.0","v2.1","v2.2","v2.3","v2.4","v2.5","v3.0","v3.1","v3.2","v3.3","v3.4","v3.5","v3.6","v3.7","v3.8","v3.9","v4.0","v4.1","v4.2","v4.3","v4.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45315.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}