Ecosystem	Package	Version

Vulnerabilities

CVE-2025-61457

CVE-2025-61457

code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.

Published Oct 23, 2025

https://github.com/advisories/GHSA-9778-v769-qvjf

CVSS ScoreMedium

6.1

Ecosystem	Package	Version


composer	code16/sharp	7.0.0-alpha.1
composer	code16/sharp	7.27.0
composer	code16/sharp	7.7.2
composer	code16/sharp	v4.0-BETA1
composer	code16/sharp	v4.0-BETA2
composer	code16/sharp	v4.0-BETA3
composer	code16/sharp	v4.0-BETA4
composer	code16/sharp	v4.0-BETA5
composer	code16/sharp	v4.0-BETA6
composer	code16/sharp	v4.0.0
composer	code16/sharp	v4.0.10
composer	code16/sharp	v4.0.11
composer	code16/sharp	v4.0.12
composer	code16/sharp	v4.0.13
composer	code16/sharp	v4.0.14
composer	code16/sharp	v4.0.15
composer	code16/sharp	v4.0.16
composer	code16/sharp	v4.0.17
composer	code16/sharp	v4.0.18
composer	code16/sharp	v4.0.19
composer	code16/sharp	v4.0.1
composer	code16/sharp	v4.0.20
composer	code16/sharp	v4.0.21
composer	code16/sharp	v4.0.2
composer	code16/sharp	v4.0.3
composer	code16/sharp	v4.0.4
composer	code16/sharp	v4.0.5
composer	code16/sharp	v4.0.6
composer	code16/sharp	v4.0.7
composer	code16/sharp	v4.0.8
composer	code16/sharp	v4.0.9
composer	code16/sharp	v4.1.0
composer	code16/sharp	v4.1.10
composer	code16/sharp	v4.1.11
composer	code16/sharp	v4.1.12
composer	code16/sharp	v4.1.13
composer	code16/sharp	v4.1.14
composer	code16/sharp	v4.1.15
composer	code16/sharp	v4.1.16
composer	code16/sharp	v4.1.17
composer	code16/sharp	v4.1.18
composer	code16/sharp	v4.1.19
composer	code16/sharp	v4.1.1
composer	code16/sharp	v4.1.20
composer	code16/sharp	v4.1.21
composer	code16/sharp	v4.1.22
composer	code16/sharp	v4.1.23
composer	code16/sharp	v4.1.24
composer	code16/sharp	v4.1.25
composer	code16/sharp	v4.1.2

CVE-2025-61457 | Components Impacted | Sonatype Guide | Sonatype Guide