6 matches found
CVE-2025-53354 NiceGUI is vulnerable to Reflected XSS attack
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
EUVD-2025-32318
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
CVE-2025-53354
NiceGUI is affected by a Cross-Site Scripting (XSS) vulnerability when rendering unescaped user input into the DOM via ui.html() (and related HTML content in ui.chat_message). Versions 2.24.2 and below are vulnerable; the issue stems from not sanitizing HTML/JavaScript inputs. Applications that c...
PT-2025-40595
Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 3.0.0
Description: NiceGUI, a Python-based UI framework, is susceptible to Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. The framework did not enforce HTML or JavaScri...
CVE-2020-26885
An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser...
Cross site scripting
An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser...