danielbrendel

2 exploits Active since Aug 2025
CVE-2025-45316 WRITEUP MEDIUM WRITEUP
hortusfox-web 4.4 - Stored Cross-Site Scripting via TextBlockModule Name Parameter
A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.
CVSS 6.1
CVE-2025-45317 WRITEUP MEDIUM WRITEUP
hortusfox-web 4.4 - Remote Code Execution via Zip Slip in ImportModule.php
A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.
CVSS 6.5