CNNVD-202601-1482 Information

CNNVD ID

CNNVD-202601-1482

Related CVE

CVE-2026-21873

• CNNVD Published: 2026-01-08

Description (Chinese)

NiceGUI是NiceGUI开源的一个易于使用、基于 Python 的 UI 框架。 NiceGUI 2.22.0版本至3.4.1版本存在跨站脚本漏洞，该漏洞源于pushstate事件监听器实现不安全，可能导致URL片段标识符被操纵。

Description (English)

NiceGUI is an easy-to-use, Python-based UI framework for NiceGUI open source. NiceGUI version 2.22.0 to version 3.4.1 contains a cross-site script loophole, which results from the unsafe performance of the Pushstate event listening device, which may result in the manipulation of the URL segment identifier.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

NiceGUI

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/zauberzeug/nicegui/releases/tag/v3.5.0 https://github.com/zauberzeug/nicegui/security/advisories/GHSA-mhpg-c27v-6mxr https://access.redhat.com/security/cve/cve-2026-21873

Patch

https://github.com/zauberzeug/nicegui/releases