Описание
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in version 3.5.0.
Ссылки
- Release Notes
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.22.0 (включая) до 3.5.0 (исключая)
cpe:2.3:a:zauberzeug:nicegui:*:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00031
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
30 дней назад
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
EPSS
Процентиль: 8%
0.00031
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79