GHSA-MHPG-C27V-6MXR NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
Summary: An unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe.
Details: The problem is traced as follows: 1. On pushstate, handleStateEvent is...
PT-2026-2112
Name of the Vulnerable Software and Affected Versions: NiceGUI versions 2.22.0 through 3.4.1
Description: NiceGUI is a Python-based UI framework. An unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, even...