CNNVD-202510-400 Information

CNNVD ID

CNNVD-202510-400

Related CVE

CVE-2025-53354

• CNNVD Published: 2025-10-03

Description (Chinese)

NiceGUI是NiceGUI开源的一个易于使用、基于 Python 的 UI 框架。 NiceGUI 2.24.2及之前版本存在跨站脚本漏洞，该漏洞源于未强制进行HTML或JavaScript清理，可能导致跨站脚本攻击。

Description (English)

NiceGUI is an easy-to-use, Python-based UI framework for NiceGUI open source. NiceGUI 2.24.2 and previous versions had a cross-site script loophole, which stemmed from the failure to enforce HTML or JavaScript clean-up, which could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

NiceGUI

Published

2025-10-03

Last Modified

2026-02-24

References

https://github.com/zauberzeug/nicegui/commit/4673dc35c94a0c7339e2164378b0977332e60775 https://github.com/zauberzeug/nicegui/security/advisories/GHSA-8c95-hpq2-w46f

Patch

https://nicegui.io/