Security Advisories

CVE-2025-30223

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-30223

CGA ID

CGA-6p83-vjrp-pr8p

Severity

Unknown

Description

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.
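The class of bug described above, as an added example that is not Beego's code: a form-field renderer that interpolates field data into attributes unescaped, next to the same renderer with every value HTML-escaped. `Field`, `renderUnsafe`, `renderEscaped`, `intact` and the sample value are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Field is a hypothetical form field; Value stands for user-controlled data.
type Field struct {
	Label, Name, Type, Value string
}

// renderUnsafe interpolates field data straight into the markup, so a double
// quote in Value closes the value attribute and the rest is parsed as markup.
func renderUnsafe(f Field) string {
	return fmt.Sprintf(`%s: <input name="%s" type="%s" value="%s">`,
		f.Label, f.Name, f.Type, f.Value)
}

// renderEscaped HTML-escapes every interpolated string, so quotes and angle
// brackets in the data stay inside the attribute they were written into.
func renderEscaped(f Field) string {
	return fmt.Sprintf(`%s: <input name="%s" type="%s" value="%s">`,
		html.EscapeString(f.Label), html.EscapeString(f.Name),
		html.EscapeString(f.Type), html.EscapeString(f.Value))
}

// intact is a regression check: the rendered field must still be exactly one
// tag with three quoted attributes, whatever the field data contained.
func intact(markup string) bool {
	return strings.Count(markup, "<") == 1 &&
		strings.Count(markup, ">") == 1 &&
		strings.Count(markup, `"`) == 6
}

func main() {
	// Constructed sample value: a quote followed by harmless extra markup.
	f := Field{Label: "Name", Name: "name", Type: "text", Value: `"><b>injected</b>`}
	for _, out := range []string{renderUnsafe(f), renderEscaped(f)} {
		fmt.Printf("intact=%-5v %s\n", intact(out), out)
	}
}
```

A check like `intact` can run in an application's tests against whatever form helper it uses, before and after upgrading to 2.3.6.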

References

  • https://images.chainguard.dev/security/CGA-6p83-vjrp-pr8p

Affected packages

