Description

Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in {{ & }} were evaluated by Vue. This allowed attackers to inject arbitrary JavaScript or HTML that executes in the browser when the field is displayed. The issue has been fixed in v9.11.1 .

INFO

Published Date :

2025-10-28T20:58:21.793Z

Last Modified :

2025-10-28T20:58:21.793Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62798 vulnerability.

Vendors Products
Code16
  • Sharp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62798.

URL Resource
https://github.com/code16/sharp/pull/654 cve-icon cve-icon
https://github.com/code16/sharp/releases/tag/v9.11.1 cve-icon cve-icon
https://github.com/code16/sharp/security/advisories/GHSA-9f58-4465-23c7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact