{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5d739d7607fbe6bfa585f44f4276271461bebbed"
            }
          ],
          "repo": "https://github.com/code16/sharp",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.",
  "id": "CVE-2025-61457",
  "modified": "2026-03-15T21:47:08.452175916Z",
  "published": "2025-10-21T19:21:24.850Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457"
    },
    {
      "type": "WEB",
      "url": "https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97"
    },
    {
      "type": "WEB",
      "url": "https://github.com/code16/sharp/releases/tag/v9.7.0"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/code16/sharp/issues/611"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}