{"id":"CVE-2025-61457","details":"code16 Sharp v9.6.6 is vulnerable to Cross-Site Scripting (XSS) in src/Form/Fields/SharpFormUploadField.php.","aliases":["GHSA-9778-v769-qvjf"],"modified":"2026-04-10T05:33:45.498550Z","published":"2025-10-21T19:21:24.850Z","references":[{"type":"WEB","url":"https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457"},{"type":"WEB","url":"https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97"},{"type":"WEB","url":"https://github.com/code16/sharp/releases/tag/v9.7.0"},{"type":"REPORT","url":"https://github.com/code16/sharp/issues/611"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/code16/sharp","events":[{"introduced":"0"},{"fixed":"5d739d7607fbe6bfa585f44f4276271461bebbed"}]}],"versions":["7.7.2","v4.0-BETA3","v4.0-BETA6","v4.0.0","v4.0.11","v4.0.12","v4.0.13","v4.0.14","v4.0.19","v4.0.20","v4.0.5","v4.0.7","v4.0.8","v4.1.0","v4.1.1","v4.1.11","v4.1.13","v4.1.15","v4.1.16","v4.1.2","v4.1.3","v4.1.4","v4.1.5","v4.1.6","v4.1.7","v4.1.8","v4.2.0","v4.2.3","v4.2.4","v4.2.5","v4.2.6","v5.0.0","v5.1.0","v5.1.1","v5.1.2","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.4.0","v5.4.1","v5.4.2","v5.4.3","v5.4.4","v5.4.5","v6.0.0","v6.0.1","v6.1.0","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.2.0","v6.3.0","v6.3.1","v6.3.2","v6.3.3","v6.4.0","v6.4.1","v6.5.0","v6.5.1","v6.5.2","v6.5.3","v6.5.4","v7.0.0","v7.0.1","v7.0.2","v7.1.0","v7.10.0","v7.11.0","v7.12.0","v7.13.0","v7.14.0","v7.16.0","v7.17.0","v7.17.1","v7.17.2","v7.17.3","v7.19.0","v7.19.1","v7.2.0","v7.2.1","v7.2.2","v7.2.3","v7.2.4","v7.2.5","v7.20.0","v7.21.0","v7.22.0","v7.23.0","v7.23.2","v7.24.0","v7.25.0","v7.25.1","v7.25.2","v7.26.0","v7.26.1","v7.26.2","v7.27.0","v7.27.1","v7.28.0","v7.29.1","v7.29.2","v7.29.3","v7.29.4","v7.29.5","v7.29.6","v7.3.0","v7.4.0","v7.5.0","v7.5.1","v7.5.2","v7.6.0","v7.7.0","v7.7.1","v7.8.0","v7.9.0","v8.0.0","v8.0.1","v8.0.2","v8.0.3","v8.0.6","v8.0.7","v8.1.0",
"v8.1.2","v8.2.0","v8.2.1","v8.3.1","v8.3.4","v8.3.5","v8.3.6","v8.3.7","v8.4.0","v8.4.1","v8.4.2","v8.4.3","v8.4.4","v8.5.0","v8.6.0","v8.6.1","v9.0.3","v9.0.5","v9.1.0","v9.2.0","v9.2.2","v9.2.3","v9.2.4","v9.2.5","v9.2.7","v9.2.8","v9.3.1","v9.3.4","v9.3.7","v9.4.0","v9.4.1","v9.5.0","v9.5.1","v9.5.2","v9.6.2","v9.6.3","v9.6.4","v9.6.5","v9.6.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61457.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}