{"id":"GO-2025-3585","summary":"Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input in github.com/beego/beego","details":"Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input in github.com/beego/beego","aliases":["CVE-2025-30223","GHSA-2j42-h78h-q4fg"],"modified":"2026-02-04T02:25:35.872328Z","published":"2025-04-01T21:40:00Z","related":["CGA-fvmc-hmjm-w7qf"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3585","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/beego/beego/security/advisories/GHSA-2j42-h78h-q4fg"},{"type":"FIX","url":"https://github.com/beego/beego/commit/939bb18c66406466715ddadd25dd9ffa6f169e25"}],"affected":[{"package":{"name":"github.com/beego/beego","ecosystem":"Go","purl":"pkg:golang/github.com/beego/beego"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3585.json"}},{"package":{"name":"github.com/beego/beego/v2","ecosystem":"Go","purl":"pkg:golang/github.com/beego/beego/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.3.6"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/beego/beego/v2/server/web","symbols":["renderFormField"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3585.json"}}],"schema_version":"1.7.3"}