Skip to content

XSS risk when rendering unsanitized user input with ui.html() or ui.chat_message() in NiceGUI

Moderate
falkoschindler published GHSA-8c95-hpq2-w46f Oct 3, 2025

Package

pip nicegui (pip)

Affected versions

<3.0.0

Patched versions

3.0.0

Description

Summary

A Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html(). Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input() with ui.html() without escaping may allow attackers to execute arbitrary JavaScript in the user’s browser. Same holds for ui.chat_message with HTML content.

Applications that directly reflect user input via ui.html() (or ui.chat_message in HTML mode) are affected. This may lead to client-side code execution (e.g., session hijacking or phishing). Applications that do not pass untrusted input into ui.html() are not affected.

Details

NiceGUI allows developers to bind user input directly into the DOM using ui.html() or ui.chat_message(). However, the library does not enforce any HTML or JavaScript sanitization, which potentially creates a dangerous attack surface for developers unaware of this behavior.

The vulnerable code path appears when combining these:

ui.input("XSS Input:", on_change=inject)
def inject(e):
    ui.html(f'{e.value}')

In this setup, any input provided by the user is rendered verbatim into the page’s DOM via innerHTML, enabling injection of script-based payloads.

PoC (Proof of Concept)

  1. Create a simple app:

    from nicegui import ui

@ui.page('/')
def main():
    def inject(e):
        ui.html(f'{e.value}')  # vulnerable use

    ui.input("XSS Input:", on_change=inject)

ui.run()

  2. Run the app:

    python app.py

  3. In the browser, input the following payload:

    <img src=x onerror=alert('XSS')>

  4. Observe the JavaScript alert popup:

    XSS

Impact

  • Vulnerability type: Reflected Cross-Site Scripting (XSS)
  • Attack vector: User input rendered as raw HTML
  • Affected users: Any NiceGUI-based application using ui.html() or ui.chat_message() with HTML content from user input

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID

CVE-2025-53354

Weaknesses

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Learn more on MITRE.

Credits