CVE-2025-61457
MEDIUMcode16 sharp < 9.7.0 - Cross-Site Scripting in SharpFormUploadField
Title source: llmDescription
code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.
References (4)
Core 4
Core References
Various Sources
https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97
Issue Tracking
https://github.com/code16/sharp/issues/611
Release Notes
https://github.com/code16/sharp/releases/tag/v9.7.0
Scores
CVSS v3
6.1
EPSS
0.0030
EPSS Percentile
21.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
code16/sharp
0 - 9.7.0Packagist
Published
Oct 21, 2025
Tracked Since
Feb 18, 2026