CNNVD-202512-1077 Information
CNNVD ID
CNNVD-202512-1077
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
NiceGUI是NiceGUI开源的一个易于使用、基于 Python 的 UI 框架。 NiceGUI 3.3.1及之前版本存在跨站脚本漏洞,该漏洞源于ui.add_css、ui.add_scss和ui.add_sass函数清理和转义不足,可能导致反射型跨站脚本攻击。
Description (English)
NiceGUI is an easy-to-use, Python-based UI framework for NiceGUI open source. NiceGUI 3.3.1 and previous versions have a cross-site script loophole, which stems from inadequate clean-up and conversion of the ui.add css, ui.add sss and ui.add sass functions, which may result in a cross-posteric attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
NiceGUI
Published
2025-12-09
Last Modified
2026-02-24
References
https://github.com/zauberzeug/nicegui/commit/a8fd25b7d5e23afb1952d0f60a1940e18b5f1ca8 https://github.com/zauberzeug/nicegui/security/advisories/GHSA-72qc-wxch-74mg https://access.redhat.com/security/cve/cve-2025-66469
Patch
https://github.com/zauberzeug/nicegui/releases
Share on: