Home > Vulnerability Database > CVE-2025-30223

Mend.io Vulnerability Database

CVE-2025-30223

Good to know:

Date: March 31, 2025

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.

Severity Score

9.3

Related Resources (5)

Url: https://github.com/beego/beego/security/advisories/GHSA-2j42-h78h-q4fg

Url: https://github.com/beego/beego/commit/939bb18c66406466715ddadd25dd9ffa6f169e25

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30223

Url: https://github.com/beego/beego

Url: https://www.mend.io/vulnerability-database/CVE-2025-30223

Severity Score

9.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version https://github.com/beego/beego.git - v2.3.6

Learn More

CVSS v3.1

Base Score:	9.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30223

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?