/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-30223

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-30223

CGA ID

CGA-6p83-vjrp-pr8p

Severity

Unknown

Description

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.

References

  • https://images.chainguard.dev/security/CGA-6p83-vjrp-pr8p
  • https://github.com/advisories/GHSA-2j42-h78h-q4fg
  • https://github.com/beego/beego/security/advisories/GHSA-2j42-h78h-q4fg
  • https://github.com/beego/beego/commit/939bb18c66406466715ddadd25dd9ffa6f169e25

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation