Cross-Site Scripting Vulnerability in Sharp Content Management Framework by Code16
CVE-2025-62798

5.4 MEDIUM

Key Information:

Vendor

Code16

Status
Vendor
CVE Published:
28 October 2025

What is CVE-2025-62798?

Sharp, a content management framework distributed as a package for Laravel, contains a Cross-Site Scripting (XSS) vulnerability in versions prior to 9.11.1. The flaw is in the SharpShowTextField component: user-supplied expressions between {{ and }} were evaluated by Vue, allowing attackers to inject malicious JavaScript or HTML. The injected script executes in the user's browser when the affected field is rendered. The vulnerability is fixed in version 9.11.1 of Sharp.
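A defender's follow-up to the description above, as an added example that is not Sharp's code or its fix: a scan of stored text values for {{ }} expressions, which an installation that ran a version before 9.11.1 can use to find content Vue would have evaluated. The record shape, field names and sample rows are constructed assumptions.

```javascript
// Added example: audit stored text-field values for Vue mustache expressions.
// Not Sharp's code; record shape and field names are assumptions.

// Non-greedy match so two expressions on one line are reported separately;
// [\s\S] lets an expression span line breaks.
const MUSTACHE = /\{\{([\s\S]*?)\}\}/g;

// Return every {{ ... }} expression found in one value, with its offset.
function findMustacheExpressions(text) {
  const hits = [];
  for (const m of String(text ?? "").matchAll(MUSTACHE)) {
    hits.push({ index: m.index, expression: m[1].trim() });
  }
  return hits;
}

// Walk a set of records and report which record/field holds an expression.
function auditRecords(records, fields) {
  const findings = [];
  for (const rec of records) {
    for (const field of fields) {
      for (const hit of findMustacheExpressions(rec[field])) {
        findings.push({ id: rec.id, field, ...hit });
      }
    }
  }
  return findings;
}

// Constructed sample rows standing in for values shown by a text field.
const sampleRecords = [
  { id: 1, title: "Quarterly report", body: "Plain text, nothing to evaluate." },
  { id: 2, title: "Welcome {{ user }}", body: "Single { braces } are not matched." },
  { id: 3, title: "Notes", body: "Total: {{ price * qty }} and {{\n multi\n}}" },
  { id: 4, title: "{{ never closed", body: null },
];

console.log(JSON.stringify(auditRecords(sampleRecords, ["title", "body"]), null, 2));
```

Rows it reports are candidates for manual review, not proof of abuse: a value can contain {{ }} legitimately.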

Affected Version(s)

sharp < 9.11.1

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
