- Description
- Beego is an open-source web framework for the Go programming language. Prior to version 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. An attacker who can get such data into a rendered form can inject JavaScript that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application that passes user-provided data to Beego's RenderForm(). Because RenderForm() is a high-level function that generates an entire form's markup, many developers would assume it escapes attribute values automatically, the way most frameworks' form helpers do. The vulnerability is fixed in 2.3.6.
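To make the bug class concrete, the following is an added example written for this page; it is not Beego's code and does not reproduce the actual RenderForm() implementation or the 2.3.6 patch. It models a struct-tag-driven form renderer in the same spirit (the `form:"name,type,label"` tag layout, the `Profile` type, and the function names are this example's own assumptions), shows the unescaped renderer beside one that escapes every interpolated string with `html.EscapeString`, and includes the regression check a reviewer would want: render a constructed attacker value and confirm no raw `<script` survives.

```go
package main

import (
	"fmt"
	"html"
	"reflect"
	"strings"
)

// FormInput is one field of a struct-driven form renderer. Name, Type and
// Label come from developer-written struct tags; Value is whatever the struct
// currently holds, which after a failed submit is user-controlled.
type FormInput struct {
	Name  string
	Type  string
	Label string
	Value string
}

// Profile is a constructed sample form model. The form:"name,type,label" tag
// layout is this example's own convention, not Beego's.
type Profile struct {
	Name  string `form:"name,text,Display name"`
	Email string `form:"email,email,E-mail"`
}

// fieldsFromStruct reads the form tags and pulls each field's current value,
// mirroring how a struct-to-form helper re-populates inputs on re-render.
func fieldsFromStruct(v interface{}) []FormInput {
	t := reflect.TypeOf(v)
	val := reflect.ValueOf(v)
	if t.Kind() == reflect.Ptr {
		t = t.Elem()
		val = val.Elem()
	}
	var out []FormInput
	for i := 0; i < t.NumField(); i++ {
		sf := t.Field(i)
		parts := strings.SplitN(sf.Tag.Get("form"), ",", 3)
		in := FormInput{Name: sf.Name, Type: "text", Label: sf.Name}
		if parts[0] != "" {
			in.Name = parts[0]
		}
		if len(parts) > 1 && parts[1] != "" {
			in.Type = parts[1]
		}
		if len(parts) > 2 && parts[2] != "" {
			in.Label = parts[2]
		}
		in.Value = fmt.Sprint(val.Field(i).Interface())
		out = append(out, in)
	}
	return out
}

const rowTemplate = `<label for="%s">%s</label><input name="%s" type="%s" value="%s" />` + "\n"

// renderUnsafe interpolates raw strings into the markup. A value containing a
// double quote closes the value attribute, and everything after it is parsed
// as HTML: the bug class the advisory describes.
func renderUnsafe(fields []FormInput) string {
	var b strings.Builder
	for _, f := range fields {
		fmt.Fprintf(&b, rowTemplate, f.Name, f.Label, f.Name, f.Type, f.Value)
	}
	return b.String()
}

// renderSafe passes every interpolated string through html.EscapeString,
// which rewrites < > & ' and " as entities so a value can never end the
// attribute or open a tag.
func renderSafe(fields []FormInput) string {
	e := html.EscapeString
	var b strings.Builder
	for _, f := range fields {
		fmt.Fprintf(&b, rowTemplate, e(f.Name), e(f.Label), e(f.Name), e(f.Type), e(f.Value))
	}
	return b.String()
}

// containsRawScript is the regression check: true if a literal <script tag
// survived into the rendered markup.
func containsRawScript(markup string) bool {
	return strings.Contains(strings.ToLower(markup), "<script")
}

func main() {
	// Constructed attacker input: closes the value attribute, then injects a tag.
	p := Profile{Name: `"><script>alert(document.cookie)</script>`, Email: "x@example.com"}
	fields := fieldsFromStruct(p)
	fmt.Println("unsafe:\n" + renderUnsafe(fields))
	fmt.Println("safe:\n" + renderSafe(fields))
	fmt.Println("unsafe contains raw <script>:", containsRawScript(renderUnsafe(fields)))
	fmt.Println("safe contains raw <script>:", containsRawScript(renderSafe(fields)))
}
```

Escaping at the point of interpolation is the right fix for a helper like this because the caller cannot tell which struct fields hold user data; the alternative of trusting callers to pre-escape is exactly the assumption the advisory says developers make in the other direction. The `containsRawScript` check is deliberately crude (a substring match on the lowercased output) so it stays useful as a smoke test regardless of how the attribute breakout is spelled.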
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 5.8
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
- Severity
- CRITICAL
- Source
- security-advisories@github.com
- Weakness
- CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
Serious vulnerability (CVE-2025-30223) in the Go-language framework "Beego"; affected users should update #セキュリティ対策Lab #セキュリティ #Security https://t.co/GPc0yx4y3h
@securityLab_jp
3 Apr 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30223 Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() funct… https://t.co/LsClHM1Tf3
@CVEnew
31 Mar 2025
214 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-30223: CRITICAL] A critical Cross-Site Scripting (XSS) flaw was found in Beego prior to version 2.3.6. Attackers could inject malicious code via RenderForm function. Upgrade to 2.3.6 to stay secure.#cybersecurity,#vulnerability https://t.co/umQtBCKvOa https://t.co/dtRlc
@CveFindCom
31 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes