5 matches found
PT-2026-28178
Name of the Vulnerable Software and Affected Versions: Sharp versions prior to 9.20.0. Description: Sharp, a content management framework for Laravel, has an issue in its file upload functionality. The ApiFormUploadController accepts a client-controlled validation rule parameter that is passed...
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax
A Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in {{ & }} were evaluated by Vue. This allowed attackers to inject arbitrary JavaScript or HTML that executes in the browser...
code16 Sharp vulnerable to Cross Site Scripting (XSS)
code16 Sharp v9.6.6 is vulnerable to Cross-Site Scripting (XSS) in src/Form/Fields/SharpFormUploadField.php...
CVE-2025-61457
code16 Sharp v9.6.6 is vulnerable to Cross-Site Scripting (XSS) in src/Form/Fields/SharpFormUploadField.php...
CVE-2025-61457
code16/sharp v9.6.6 is vulnerable to Cross-Site Scripting (XSS) in src/Form/Fields/SharpFormUploadField.php due to improper input validation/output encoding. An attacker could inject and execute arbitrary scripts in a victim’s browser. Remediation: upgrade to code16/sharp >= 9.7.0 (or apply pr...