GHSA-V82V-C5X8-W282

Vulnerability from github – Published: 2026-02-05 17:41 – Updated: 2026-02-07 00:31
VLAI?
Summary
NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Details

Description

The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers.

Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks.

Proof of Concept

from nicegui import ui

# User-controlled input containing malicious payload
user_input = 'Hello! <img src=x onerror="alert(\'XSS\')">'

ui.markdown(user_input)  # XSS executes when page loads

ui.run()

When this page loads, the JavaScript in the onerror handler executes, potentially allowing an attacker to: - Steal session cookies or authentication tokens - Perform actions on behalf of the user - Redirect users to malicious sites - Modify page content

Impact

Applications that render user-provided content through ui.markdown() are vulnerable to stored or reflected XSS attacks. This is particularly concerning for: - Chat applications displaying user messages - CMS or documentation systems with user-editable content - Any application that displays markdown from untrusted sources

Remediation

A release has been published in version 3.7.0.

For Users (Immediate Workaround)

Until a fix is released, do not pass untrusted content directly to ui.markdown(). Instead, use one of these approaches:

Option 1: Convert and sanitize manually using ui.html()

import markdown2
from html_sanitizer import Sanitizer

sanitizer = Sanitizer()

def safe_markdown(content: str) -> None:
    """Render markdown with HTML sanitization."""
    html = markdown2.markdown(content)
    ui.html(sanitizer.sanitize(html), sanitize=False)

# Usage
safe_markdown(user_input)

Option 2: Escape HTML before markdown conversion (if raw HTML not needed)

import html

# Escape HTML entities - prevents any HTML from being interpreted
ui.markdown(html.escape(user_input))

Proposed Fix

Add a sanitize parameter to ui.markdown() consistent with other HTML-rendering components, and/or add an escape_html parameter.

Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.6.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "nicegui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-05T17:41:17Z",
    "nvd_published_at": "2026-02-06T22:16:11Z",
    "severity": "MODERATE"
  },
  "details": "## Description\n\nThe `ui.markdown()` component uses the `markdown2` library to convert markdown content to HTML, which is then rendered via `innerHTML`. By default, `markdown2` allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through `ui.markdown()`, an attacker can inject malicious HTML containing JavaScript event handlers.\n\nUnlike other NiceGUI components that render HTML (`ui.html()`, `ui.chat_message()`, `ui.interactive_image()`), the `ui.markdown()` component does not provide or require a `sanitize` parameter, leaving applications vulnerable to XSS attacks.\n\n## Proof of Concept\n\n```python\nfrom nicegui import ui\n\n# User-controlled input containing malicious payload\nuser_input = \u0027Hello! \u003cimg src=x onerror=\"alert(\\\u0027XSS\\\u0027)\"\u003e\u0027\n\nui.markdown(user_input)  # XSS executes when page loads\n\nui.run()\n```\n\nWhen this page loads, the JavaScript in the `onerror` handler executes, potentially allowing an attacker to:\n- Steal session cookies or authentication tokens\n- Perform actions on behalf of the user\n- Redirect users to malicious sites\n- Modify page content\n\n## Impact\n\nApplications that render user-provided content through `ui.markdown()` are vulnerable to stored or reflected XSS attacks. This is particularly concerning for:\n- Chat applications displaying user messages\n- CMS or documentation systems with user-editable content\n- Any application that displays markdown from untrusted sources\n\n## Remediation\n\nA release has been published in version 3.7.0.\n\n### For Users (Immediate Workaround)\n\nUntil a fix is released, **do not pass untrusted content directly to `ui.markdown()`**. Instead, use one of these approaches:\n\n**Option 1: Convert and sanitize manually using `ui.html()`**\n\n```python\nimport markdown2\nfrom html_sanitizer import Sanitizer\n\nsanitizer = Sanitizer()\n\ndef safe_markdown(content: str) -\u003e None:\n    \"\"\"Render markdown with HTML sanitization.\"\"\"\n    html = markdown2.markdown(content)\n    ui.html(sanitizer.sanitize(html), sanitize=False)\n\n# Usage\nsafe_markdown(user_input)\n```\n\n**Option 2: Escape HTML before markdown conversion (if raw HTML not needed)**\n\n```python\nimport html\n\n# Escape HTML entities - prevents any HTML from being interpreted\nui.markdown(html.escape(user_input))\n```\n\n### Proposed Fix\n\nAdd a `sanitize` parameter to `ui.markdown()` consistent with other HTML-rendering components, and/or add an `escape_html` parameter.",
  "id": "GHSA-v82v-c5x8-w282",
  "modified": "2026-02-07T00:31:33Z",
  "published": "2026-02-05T17:41:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25516"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zauberzeug/nicegui"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "NiceGUI\u0027s XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.