Description

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Because RenderForm() is a high-level function that generates the markup for an entire form, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.
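
The bug class described above, shown as an added Go example (this is not Beego's code and not part of the advisory): a hypothetical Field type and form renderer that builds markup by string formatting, run once without escaping and once with html.EscapeString on every interpolated value. The input value is constructed for the demonstration.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Field is a hypothetical form field used for illustration; it is not a Beego type.
type Field struct{ Label, Name, Value string }

// render builds one <input> per field, passing every interpolated
// string through esc before it reaches the markup.
func render(fields []Field, esc func(string) string) string {
	var b strings.Builder
	for _, f := range fields {
		fmt.Fprintf(&b, `%s: <input name="%s" type="text" value="%s">`+"\n",
			esc(f.Label), esc(f.Name), esc(f.Value))
	}
	return b.String()
}

// renderUnsafe reproduces the flaw: user data lands in attributes verbatim.
func renderUnsafe(fields []Field) string {
	return render(fields, func(s string) string { return s })
}

// renderEscaped HTML-escapes labels, names and values (<, >, &, ' and ").
func renderEscaped(fields []Field) string {
	return render(fields, html.EscapeString)
}

// elementCount counts tag openers in the output. With correct escaping it
// equals the number of fields, which makes it a cheap regression check.
func elementCount(markup string) int { return strings.Count(markup, "<") }

func main() {
	// Constructed value: closes the value attribute and the tag, then adds markup.
	fields := []Field{{Label: "Name", Name: "name", Value: `"><i>injected</i>`}}
	for _, out := range []string{renderUnsafe(fields), renderEscaped(fields)} {
		fmt.Printf("elements=%d %s", elementCount(out), out)
	}
}
```

The same "one field in, one element out" assertion can be pointed at the output of an application's real form helper after upgrading to 2.3.6.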

INFO

Published Date: 2025-03-31T16:17:05.914Z
Last Modified: 2025-03-31T18:21:08.456Z
Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-30223 vulnerability.

Vendor: Beego
Products:
  • Beego