Количество 2
Количество 2
CVE-2026-21872
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in version 3.5.0.
GHSA-m7j5-rq9j-6jj9
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-21872 NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in version 3.5.0. | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад |
| GHSA-m7j5-rq9j-6jj9 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу