18 matches found
CVE-2026-21872
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...
GHSA-MHPG-C27V-6MXR NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
Summary An unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. Details The problem is traced as follows: 1. On pushstate, handleStateEvent is...
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
Summary An unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. Details The problem is traced as follows: 1. On pushstate, handleStateEvent is...
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Summary An unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details 1. On click, eventually subpagesnavigate event is emitted...
GHSA-M7J5-RQ9J-6JJ9 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Summary An unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details 1. On click, eventually subpagesnavigate event is emitted...
Cross-site Scripting (XSS)
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.subpages function. An attacker can execute JavaScript in the context of the user's browser by tricking a user into clicking a...
CVE-2026-21873
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...
CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages`
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...
CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages`
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...
CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages`
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...
CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...
CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...
CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...
CVE-2026-21872
NiceGUI (Python UI framework) versions 2.22.0–3.4.1 are affected by an XSS vulnerability caused by an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page. The issue triggers when a user actively clicks a crafted link...
PT-2026-2111
Name of the Vulnerable Software and Affected Versions NiceGUI versions 2.22.0 through 3.4.1 Description NiceGUI is a Python-based UI framework susceptible to a cross-site scripting XSS issue. The problem stems from an unsafe implementation within the click event listener used by ui.sub pages,...
PT-2026-2112
Name of the Vulnerable Software and Affected Versions NiceGUI versions 2.22.0 through 3.4.1 Description NiceGUI is a Python-based UI framework. An unsafe implementation in the pushstate event listener used by ui.sub pages allows an attacker to manipulate the fragment identifier of the URL, even...
Debian DSA-2014-1 : moin - several vulnerabilities
Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0668 Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc...
PHPBB links.php Remote SQL Injection
No description provided by source. ?php PHPBB links.php Remote SQL Injection By Love Fly thanks Flyh4t,Spr1t3 [email protected] www.cnsst.org / www.sebug.net =phpBB 2.022 use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; CONFIGURAZIONE EXPLOIT $sito =...