GHSA-m7j5-rq9j-6jj9

Source
https://github.com/advisories/GHSA-m7j5-rq9j-6jj9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-m7j5-rq9j-6jj9/GHSA-m7j5-rq9j-6jj9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m7j5-rq9j-6jj9
Aliases
Published
2026-01-08T20:08:42Z
Modified
2026-01-08T20:26:20.746403Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
NiceGUI apps that use `ui.sub_pages` and render arbitrary user-provided links are vulnerable to XSS
Details

Summary

An unsafe implementation of the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user clicks the attacker's link.

Details

  1. On click, the listener eventually emits a sub_pages_navigate event carrying the link's path. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/elements/sub_pages.js#L41-L63

  2. SubPagesRouter (used by ui.sub_pages) listens for sub_pages_navigate and runs _handle_navigate. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/subpages_router.py#L18-L22

  3. _handle_navigate calls run_javascript with an f-string that substitutes self.current_path into JavaScript source, wrapped only in double quotes and with no escaping. A path containing a double quote breaks out of the string literal, so anything after it is evaluated as JavaScript in the user's browser.

https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/subpagesrouter.py#L73-L88
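The following is an added example, not NiceGUI's source, that reproduces the string-breakout in step 3 in isolation and shows the fix. The two template strings are assumptions that mirror the pattern the advisory describes (a path dropped into a double-quoted JS literal by f-string substitution); the hardened variant serialises the path with json.dumps, which yields a valid JS string literal with quotes, backslashes, control characters and (because ensure_ascii defaults to True) U+2028/U+2029 escaped. A toy scanner extracts the double-quoted literals from the generated JavaScript so the check can confirm whether the path came back out intact or escaped the literal:

```python
import json

# Assumption: illustrative templates in the shape the advisory describes,
# not the project's own _handle_navigate code.
JS_TEMPLATE_TAIL = '); window.dispatchEvent(new PopStateEvent("popstate"));'


def build_navigate_js_vulnerable(path: str) -> str:
    """Path interpolated bare inside double quotes: a '"' in path ends the literal."""
    return f'window.history.pushState({{}}, "", "{path}"' + JS_TEMPLATE_TAIL


def build_navigate_js_hardened(path: str) -> str:
    """Path serialised as a JSON string, which is also a valid JS string literal."""
    return f'window.history.pushState({{}}, "", {json.dumps(path)}' + JS_TEMPLATE_TAIL


def js_string_literals(js: str) -> list:
    """Return the decoded contents of every double-quoted string literal in js.

    A minimal scanner for this demonstration: it honours backslash escapes
    (including \\uXXXX) and raises on an unterminated literal. It does not
    handle single-quoted strings, template literals, comments or regex literals,
    which the templates above never emit.
    """
    literals = []
    i, n = 0, len(js)
    simple_escapes = {'n': '\n', 't': '\t', 'r': '\r', 'b': '\b', 'f': '\f'}
    while i < n:
        if js[i] != '"':
            i += 1
            continue
        i += 1  # skip opening quote
        buf = []
        while i < n and js[i] != '"':
            if js[i] == '\\' and i + 1 < n:
                esc = js[i + 1]
                if esc == 'u' and i + 5 < n:
                    buf.append(chr(int(js[i + 2:i + 6], 16)))
                    i += 6
                    continue
                buf.append(simple_escapes.get(esc, esc))
                i += 2
                continue
            buf.append(js[i])
            i += 1
        if i >= n:
            raise ValueError('unterminated string literal')
        i += 1  # skip closing quote
        literals.append(''.join(buf))
    return literals


def stays_in_literal(builder, path: str) -> bool:
    """True if the path survives as one intact literal in the generated JS.

    If the path is not recoverable as a single literal, part of it was parsed
    as code, which is exactly the injection the advisory describes.
    """
    return path in js_string_literals(builder(path))


# The advisory's PoC link target, constructed here for the demonstration.
PAYLOAD = '/"+alert(1)+"'

if __name__ == '__main__':
    for name, builder in (('vulnerable', build_navigate_js_vulnerable),
                          ('hardened', build_navigate_js_hardened)):
        print(f'{name}: {builder(PAYLOAD)}')
        print(f'  path kept inside one literal: {stays_in_literal(builder, PAYLOAD)}')
```

Running it shows the vulnerable template splitting the payload into the literals "/" and "" with alert(1) sitting between them as code, while the hardened template emits `"/\"+alert(1)+\""` and the path round-trips unchanged. json.dumps is the right tool here because run_javascript sends the snippet to the browser to be evaluated as JavaScript rather than embedding it in HTML, so the sequence `</script>` is not a concern in this context; the output is still ASCII-only by default, so line terminators that are legal in JSON but not in JS strings are escaped as well.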

PoC

The minimal PoC boils down to this:

from nicegui import ui

# The link target contains a double quote, which closes the string literal in
# the JavaScript that _handle_navigate builds; alert(1) then runs on click.
ui.sub_pages({'/': lambda: ui.link('Go to XSS', '/"+alert(1)+"')})

ui.run()

However, a more realistic attack uses attacker-controlled input that the app renders as a link. The following app demonstrates this: any user can write Markdown into shared storage, and it is rendered for every visitor on a page that also uses ui.sub_pages.

from nicegui import app, ui

ui.sub_pages({'/': lambda: ui.label('Hello, World!')})

ui.textarea('Markdown content').bind_value(app.storage.general, 'markdown_content')

ui.markdown().bind_content_from(app.storage.general, 'markdown_content')

ui.run()

A malicious Markdown input is [XSS LINK](/"+alert(document.domain)+") (it causes the payload to execute twice, though).

Both cases require someone to click on the link.


Impact

Any page that uses ui.sub_pages and renders arbitrary links on screen (a common case being ui.markdown with user-supplied content) is affected.

The impact is low because a click is always required from the user, who can hover over the link to discover its suspicious target and stop if well trained.

Appendix

AI was used to judge the CVSS scoring; it was given only the impact statement, not the PoC input.

The results are at https://poe.com/s/y5DvyqgtszDGLUuHin1O

Scoring update after manual review

  • Scope Changed is more in line with other published XSS vulnerabilities
  • Availability None: no denial of service is possible with this; the site remains as performant as ever.
Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-08T20:08:42Z",
    "severity": "MODERATE",
    "nvd_published_at": "2026-01-08T10:15:55Z",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

PyPI / nicegui

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.22.0
Fixed
3.5.0

Affected versions

2.*

2.22.0
2.22.1
2.22.2
2.23.0
2.23.1
2.23.2
2.23.3
2.24.0
2.24.1
2.24.2

3.*

3.0.0rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.2.0
3.3.0
3.3.1
3.4.0
3.4.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-m7j5-rq9j-6jj9/GHSA-m7j5-rq9j-6jj9.json"

last_known_affected_version_range

"<= 3.4.1"