PYSEC-2026-1699

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nicegui/PYSEC-2026-1699.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1699
Aliases
Published
2026-07-07T16:03:06.332347Z
Modified
2026-07-07T17:46:58.212785133Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
NiceGUI has a Reflected XSS
Details

Summary

A Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html(). Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input() with ui.html() without escaping may allow attackers to execute arbitrary JavaScript in the user’s browser. Same holds for ui.chat_message with HTML content.

Applications that directly reflect user input via ui.html() (or ui.chat_message in HTML mode) are affected. This may lead to client-side code execution (e.g., session hijacking or phishing). Applications that do not pass untrusted input into ui.html() are not affected.

Details

NiceGUI allows developers to bind user input directly into the DOM using ui.html() or ui.chat_message(). However, the library does not enforce any HTML or JavaScript sanitization, which potentially creates a dangerous attack surface for developers unaware of this behavior.

The vulnerable code path appears when combining these:

ui.input("XSS Input:", on_change=inject)
def inject(e):
    ui.html(f'{e.value}')

In this setup, any input provided by the user is rendered verbatim into the page’s DOM via innerHTML, enabling injection of script-based payloads.

PoC (Proof of Concept)

  1. Create a simple app:

    from nicegui import ui
    
    @ui.page('/')
    def main():
        def inject(e):
            ui.html(f'{e.value}')  # vulnerable use
    
        ui.input("XSS Input:", on_change=inject)
    
    ui.run()
    
  2. Run the app:

    python app.py
    
  3. In the browser, input the following payload:

    <img src=x onerror=alert('XSS')>
    
  4. Observe the JavaScript alert popup:

    XSS
    

Impact

  • Vulnerability type: Reflected Cross-Site Scripting (XSS)
  • Attack vector: User input rendered as raw HTML
  • Affected users: Any NiceGUI-based application using ui.html() or ui.chat_message() with HTML content from user input
References

Affected packages

PyPI / nicegui

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.0

Affected versions

0.*
0.1.0
0.1.4
0.1.6
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.4.10
0.4.11
0.4.12
0.4.13
0.4.14
0.4.15
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.5.12
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.6.13
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.7.11
0.7.12
0.7.13
0.7.14
0.7.15
0.7.16
0.7.17
0.7.18
0.7.19
0.7.21
0.7.22
0.7.23
0.7.24
0.7.25
0.7.26
0.7.27
0.7.28
0.7.29
0.7.30
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.8.10
0.8.11
0.8.12
0.8.13
0.8.14
0.8.15
0.8.16
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.16
0.9.17
0.9.18
0.9.19
0.9.20
0.9.21
0.9.22
0.9.23
0.9.24
0.9.25
0.9.26
0.9.27
0.9.28
1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.20
1.2.21
1.2.22
1.2.23
1.2.24
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.3.17
1.3.18
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.7.0
2.8.0
2.8.1
2.9.0
2.9.1
2.10.0
2.10.1
2.11.0
2.11.1
2.12.0
2.12.1
2.13.0
2.14.0
2.14.1
2.15.0
2.16.0
2.16.1
2.17.0
2.18.0
2.19.0
2.20.0
2.21.0
2.21.1
2.22.0
2.22.1
2.22.2
2.23.0
2.23.1
2.23.2
2.23.3
2.24.0
2.24.1
2.24.2
3.*
3.0.0rc1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nicegui/PYSEC-2026-1699.yaml"