NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

bbs-go 跨站脚本漏洞

bbs-go is an open source community system built using the Go language. bbs-go 3.3.0 and earlier versions have a cross-site scripting vulnerability that stems from the lack of filtering and escaping of user data in the v-html tag of vue used by the application. An attacker could use this...