GHSA-8C95-HPQ2-W46F
Vulnerability from github – Published: 2025-10-03 19:19 – Updated: 2025-10-13 15:10Summary
A Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html(). Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input() with ui.html() without escaping may allow attackers to execute arbitrary JavaScript in the user’s browser. Same holds for ui.chat_message with HTML content.
Applications that directly reflect user input via ui.html() (or ui.chat_message in HTML mode) are affected. This may lead to client-side code execution (e.g., session hijacking or phishing). Applications that do not pass untrusted input into ui.html() are not affected.
Details
NiceGUI allows developers to bind user input directly into the DOM using ui.html() or ui.chat_message(). However, the library does not enforce any HTML or JavaScript sanitization, which potentially creates a dangerous attack surface for developers unaware of this behavior.
The vulnerable code path appears when combining these:
ui.input("XSS Input:", on_change=inject)
def inject(e):
ui.html(f'{e.value}')
In this setup, any input provided by the user is rendered verbatim into the page’s DOM via innerHTML, enabling injection of script-based payloads.
PoC (Proof of Concept)
- Create a simple app:
```python from nicegui import ui
@ui.page('/') def main(): def inject(e): ui.html(f'{e.value}') # vulnerable use
ui.input("XSS Input:", on_change=inject)
ui.run() ```
- Run the app:
bash
python app.py
- In the browser, input the following payload:
html
<img src=x onerror=alert('XSS')>
- Observe the JavaScript alert popup:
XSS
Impact
- Vulnerability type: Reflected Cross-Site Scripting (XSS)
- Attack vector: User input rendered as raw HTML
- Affected users: Any NiceGUI-based application using
ui.html()orui.chat_message()with HTML content from user input
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nicegui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53354"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-03T19:19:17Z",
"nvd_published_at": "2025-10-03T20:15:33Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nA Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using `ui.html()`. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like `ui.input()` with `ui.html()` without escaping may allow attackers to execute arbitrary JavaScript in the user\u2019s browser. Same holds for `ui.chat_message` with HTML content.\n\nApplications that directly reflect user input via `ui.html()` (or `ui.chat_message` in HTML mode) are affected. This may lead to client-side code execution (e.g., session hijacking or phishing). Applications that do not pass untrusted input into ui.html() are not affected.\n\n### Details\n\nNiceGUI allows developers to bind user input directly into the DOM using `ui.html()` or `ui.chat_message()`. However, the library does not enforce any HTML or JavaScript sanitization, which potentially creates a dangerous attack surface for developers unaware of this behavior.\n\nThe vulnerable code path appears when combining these:\n\n```python\nui.input(\"XSS Input:\", on_change=inject)\ndef inject(e):\n ui.html(f\u0027{e.value}\u0027)\n```\n\nIn this setup, any input provided by the user is rendered **verbatim** into the page\u2019s DOM via innerHTML, enabling injection of script-based payloads.\n\n### PoC (Proof of Concept)\n\n1. Create a simple app:\n\n ```python\n from nicegui import ui\n\n @ui.page(\u0027/\u0027)\n def main():\n def inject(e):\n ui.html(f\u0027{e.value}\u0027) # vulnerable use\n\n ui.input(\"XSS Input:\", on_change=inject)\n\n ui.run()\n ```\n\n2. Run the app:\n\n ```bash\n python app.py\n ```\n\n3. In the browser, input the following payload:\n\n ```html\n \u003cimg src=x onerror=alert(\u0027XSS\u0027)\u003e\n ```\n\n4. Observe the JavaScript alert popup:\n\n ```\n XSS\n ```\n\n### Impact\n\n* **Vulnerability type:** Reflected Cross-Site Scripting (XSS)\n* **Attack vector:** User input rendered as raw HTML\n* **Affected users:** Any NiceGUI-based application using `ui.html()` or `ui.chat_message()` with HTML content from user input",
"id": "GHSA-8c95-hpq2-w46f",
"modified": "2025-10-13T15:10:03Z",
"published": "2025-10-03T19:19:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-8c95-hpq2-w46f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53354"
},
{
"type": "WEB",
"url": "https://github.com/zauberzeug/nicegui/commit/4673dc35c94a0c7339e2164378b0977332e60775"
},
{
"type": "PACKAGE",
"url": "https://github.com/zauberzeug/nicegui"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "NiceGUI has a Reflected XSS"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.