Описание
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or <script> tags by injecting closing tags (e.g., or ), allowing for the execution of arbitrary JavaScript. This issue is fixed in version 3.4.0.
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.0 (исключая)
cpe:2.3:a:zauberzeug:nicegui:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00056
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
2 месяца назад
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
EPSS
Процентиль: 17%
0.00056
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79