streamlit is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of sanitization in the path parameter in components.py
; an attacker is able to trick the user into visiting a malicious URL which executes the malicious JavaScript payload into the browser.