CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Veracode•added 2025/12/13 7:18 a.m.•3 views

Cross Site Scripting (XSS)

NiceGUI is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the ui.interactiveimage component rendering SVG content using Vue’s v-html directive without sanitization, which allows an attacker to inject malicious HTML or JavaScript via the SVG tag when the image component is...

6.1CVSS5.8AI score0.0001EPSS

Exploits2References3Affected Software1

RedhatCVE•added 2025/12/10 12:28 a.m.•1 views

CVE-2025-66470

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

6.1CVSS6AI score0.0001EPSS

Exploits2References1

NVD•added 2025/12/09 1:16 a.m.•3 views

CVE-2025-66470

6.1CVSS0.0001EPSS

Exploits2References2

CVE•added 2025/12/09 12:11 a.m.•4 views

CVE-2025-66470

CVE-2025-66470 affects NiceGUI <= 3.3.1 via the ui.interactive_image component, which renders SVG content with Vue v-html without sanitization. This can lead to stored/reflected XSS through the SVG tag when images are rendered or updated. The issue is fixed in NiceGUI 3.4.0; remediation is to...

6.1CVSS5.7AI score0.0001EPSS

Exploits2References2Affected Software1

Vulnrichment•added 2025/12/09 12:11 a.m.•4 views

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

6.1CVSS5.7AI score0.0001EPSS

Exploits2References2

OSV•added 2025/12/09 12:11 a.m.•1 views

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

6.1CVSS6AI score0.0001EPSS

Exploits2References4

Cvelist•added 2025/12/09 12:11 a.m.•29 views

CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

6.1CVSS0.0001EPSS

Exploits2References2

Positive Technologies•added 2025/12/09 12:0 a.m.•2 views

PT-2025-49682

Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below Description NiceGUI, a Python-based UI framework, has an issue where the ui.interactive image component can be exploited for cross-site scripting XSS. The component renders Scalable Vector Graphics SVG content...

6.1CVSS5.9AI score0.0001EPSS

Exploits2References6

Github Security Blog•added 2025/12/08 9:30 p.m.•5 views

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

6.1CVSS5.6AI score0.0001EPSS

Exploits2References4Affected Software1

OSV•added 2025/12/08 9:30 p.m.•2 views

GHSA-2M4F-CG75-76W2 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

6.1CVSS5.5AI score0.0001EPSS

Exploits2References4

Snyk•added 2025/12/08 9:30 p.m.•1 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.interactiveimage component when rendering SVG content using the v-html directive without sanitization. An attacker can execute...

6.1CVSS5.5AI score0.0001EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-50989

Malicious code in bioql PyPI...

7.2CVSS7AI score0.01067EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 12:34 a.m.•4 views

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS5.8AI score0.00198EPSS

Exploits2References1

NVD•added 2023/11/06 10:15 a.m.•10 views

CVE-2023-46823

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4...

7.6CVSS7.4AI score0.01067EPSS

Exploits0References1

ATTACKERKB•added 2023/11/06 10:15 a.m.•1 views

CVE-2023-46823

A vulnerability in Avirtum ImageLinks Interactive Image Builder imagelinks-interactive-image-builder-lite.This issue affects ImageLinks Interactive Image Builder: from n/a through = 1.5.4...

7.6CVSS7AI score0.01067EPSS

Exploits0References3

Prion•added 2023/11/06 10:15 a.m.•11 views

Sql injection

5.8CVSS8AI score0.01067EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/11/06 9:15 a.m.•13 views

CVE-2023-46823 WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection

7.6CVSS7.7AI score0.01067EPSS

Exploits0References1

Patchstack•added 2023/10/30 12:0 a.m.•8 views

WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection

Software ImageLinks Interactive Image Builder Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.6.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-46823 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID de9ca3aa968d Credits Muhammad Daffa Required...

7.2CVSS6.9AI score0.01067EPSS

Exploits0References2Affected Software1

NVD•added 2023/01/09 11:15 p.m.•14 views

CVE-2022-4393

5.4CVSS5.2AI score0.00198EPSS

Exploits2References1

Cvelist•added 2023/01/09 10:13 p.m.•20 views

CVE-2022-4393 ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Contributor+ Stored XSS

5.4AI score0.00198EPSS

Exploits2References1

Rows per page