Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Veracode
Veracodeadded 2025/12/13 7:32 a.m.2 views

Reflected Cross-Site Scripting (XSS)

NiceGUI is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or encoding in the ui.addcss, ui.addscss, and ui.addsass functions, which allows an attacker to inject closing tags and execute arbitrary JavaScript...

6.1CVSS6AI score0.00042EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2025/12/10 12:28 a.m.7 views

CVE-2025-66469

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

6.1CVSS6.2AI score0.00042EPSS
Exploits1References1
OSV
OSVadded 2025/12/08 11:54 p.m.2 views

CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

6.1CVSS6.4AI score0.00042EPSS
Exploits1References4
Cvelist
Cvelistadded 2025/12/08 11:54 p.m.27 views

CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

6.1CVSS0.00042EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2025/12/08 11:54 p.m.2 views

CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

6.1CVSS6.1AI score0.00042EPSS
Exploits1References2
CVE
CVEadded 2025/12/08 11:54 p.m.6 views

CVE-2025-66469

CVE-2025-66469 is a reported Reflected XSS in NiceGUI (Python UI framework). The vulnerability affects versions 3.3.1 and earlier and stems from insufficient sanitization/escaping in the functions ui.add_css, ui.add_scss, and ui.add_sass, which generate JavaScript contexts that can be broken out ...

6.1CVSS6.1AI score0.00042EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2025/12/08 9:30 p.m.2 views

GHSA-72QC-WXCH-74MG NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

Summary A Cross-Site Scripting XSS vulnerability exists in ui.addcss, ui.addscss, and ui.addsass functions in NiceGUI v3.3.1 and earlier. These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...

6.1CVSS5.9AI score0.00042EPSS
Exploits1References4
Rows per page
Query Builder