2 matches found
Cross-site Scripting (XSS)
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.html or ui.chatmessage functions when unescaped user input is rendered directly into the DOM. An attacker can execute arbitrary...
GHSA-8C95-HPQ2-W46F NiceGUI has a Reflected XSS
Summary A Cross-Site Scripting XSS risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input with ui.html without...