HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.Referenceshttps://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57329
