CVE-2025-30223 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-30223 Interim 1 5 2026-03-05T01:10:09Z current 2025-04-04T23:12:08Z 2026-03-05T01:10:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-30223 Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZBHJANMC5TN4MHLVGPYKJGT774IKFUQ3/ E-Mail link for openSUSE-SU-2025:14970-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-EC2 SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed cloud-init-25.1.3-slfo.1.1_1.1 cloud-init-config-suse-25.1.3-slfo.1.1_1.1 govulncheck-vulndb-0.0.20250402T160203-1.1 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 cloud-init-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro cloud-init-config-suse-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro cloud-init-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-Azure cloud-init-config-suse-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-Azure cloud-init-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS cloud-init-config-suse-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS cloud-init-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS-Azure cloud-init-config-suse-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS-Azure cloud-init-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS-EC2 cloud-init-config-suse-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-BYOS-EC2 cloud-init-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-EC2 cloud-init-config-suse-25.1.3-slfo.1.1_1.1 as a component of Image SLE-Micro-EC2 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 govulncheck-vulndb-0.0.20250402T160203-1.1 as a component of openSUSE Tumbleweed Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6. CVE-2025-30223 Image SLE-Micro:cloud-init-25.1.3-slfo.1.1_1.1 Image SLE-Micro:cloud-init-config-suse-25.1.3-slfo.1.1_1.1 Image SLE-Micro-Azure:cloud-init-25.1.3-slfo.1.1_1.1 Image SLE-Micro-Azure:cloud-init-config-suse-25.1.3-slfo.1.1_1.1 Image SLE-Micro-BYOS:cloud-init-25.1.3-slfo.1.1_1.1 Image SLE-Micro-BYOS:cloud-init-config-suse-25.1.3-slfo.1.1_1.1 Image SLE-Micro-BYOS-Azure:cloud-init-25.1.3-slfo.1.1_1.1 Image SLE-Micro-BYOS-Azure:cloud-init-config-suse-25.1.3-slfo.1.1_1.1 Image SLE-Micro-BYOS-EC2:cloud-init-25.1.3-slfo.1.1_1.1 Image SLE-Micro-BYOS-EC2:cloud-init-config-suse-25.1.3-slfo.1.1_1.1 Image SLE-Micro-EC2:cloud-init-25.1.3-slfo.1.1_1.1 Image SLE-Micro-EC2:cloud-init-config-suse-25.1.3-slfo.1.1_1.1 SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250402T160203-1.1 critical