6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-53354

GHSA ID

GHSA-8c95-hpq2-w46f

EPSS Score

CWE

CWE-79

Published

10/3/2025

Updated

10/3/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-53354

CVE-2025-53354: NiceGUI has a Reflected XSS

Summary

A Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html(). Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input() with ui.html() without escaping may allow attackers to execute arbitrary JavaScript in the user’s browser. Same holds for ui.chat_message with HTML content.

Applications that directly reflect user input via ui.html() (or ui.chat_message in HTML mode) are affected. This may lead to client-side code execution (e.g., session hijacking or phishing). Applications that do not pass untrusted input into ui.html() are not affected.

Details

NiceGUI allows developers to bind user input directly into the DOM using ui.html() or ui.chat_message(). However, the library does not enforce any HTML or JavaScript sanitization, which potentially creates a dangerous attack surface for developers unaware of this behavior.

The vulnerable code path appears when combining these:

ui.input("XSS Input:", on_change=inject)
def inject(e):
    ui.html(f'{e.value}')

In this setup, any input provided by the user is rendered verbatim into the page’s DOM via innerHTML, enabling injection of script-based payloads.

PoC (Proof of Concept)

Create a simple app:

from nicegui import ui

@ui.page('/')
def main():
    def inject(e):
        ui.html(f'{e.value}')  # vulnerable use

    ui.input("XSS Input:", on_change=inject)

ui.run()

Run the app:
```
python app.py
```
In the browser, input the following payload:
```
<img src=x onerror=alert('XSS')>
```
Observe the JavaScript alert popup:
```
XSS
```

Impact

Vulnerability type: Reflected Cross-Site Scripting (XSS)
Attack vector: User input rendered as raw HTML
Affected users: Any NiceGUI-based application using ui.html() or ui.chat_message() with HTML content from user input

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-53354

GHSA ID

GHSA-8c95-hpq2-w46f

EPSS Score

CWE

CWE-79

Published

10/3/2025

Updated

10/3/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nicegui	pip	< 3.0.0	3.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a classic Reflected Cross-Site Scripting (XSS) issue within the NiceGUI framework. The root cause lies in the ui.html() and ui.chat_message() components, which are wrappers around the Html and ChatMessage classes respectively. Before the patch, these components would render raw HTML content passed to them without any default escaping or sanitization. This design meant that any application passing user-controlled input to these components was immediately vulnerable to XSS.

The investigation of the fixing commit 4673dc35c94a0c7339e2164378b0977332e60775 confirms this. The core changes are in the __init__ methods of nicegui.elements.html.Html and nicegui.elements.chat_message.ChatMessage. The patch fundamentally changes the API by introducing a mandatory sanitize parameter for both. Developers are now forced to make a security decision: either provide a sanitization function or explicitly declare the content as safe by passing sanitize=False. This change moves the library from a default-insecure to a default-secure posture, effectively mitigating the vulnerability by preventing developers from accidentally rendering unsafe user input.

Vulnerable functions

nicegui.elements.html.Html.__init__

nicegui/elements/html.py

This constructor is responsible for rendering HTML content. Before the patch, it directly rendered the provided `content` string as HTML without any form of sanitization. If an attacker could control this content, they could inject malicious scripts, leading to a reflected Cross-Site Scripting (XSS) vulnerability. The vulnerable implementation made it easy for developers to unknowingly introduce this flaw by passing unsanitized user input to this element.

nicegui.elements.chat_message.ChatMessage.__init__

nicegui/elements/chat_message.py

This constructor is used to create chat messages. When the `text_html=True` parameter was used, the function would render the message content as raw HTML by using the `nicegui.elements.html.Html` element internally without sanitization. This created an XSS vulnerability if the chat message content was derived from user input. The patch addresses this by requiring an explicit `sanitize` option, preventing the default unsafe behavior.

WAF Protection Rules

WAF Rule

### Summ*ry * *ross-Sit* S*riptin* (XSS) risk *xists in Ni***UI w**n **v*lop*rs r*n**r un*s**p** us*r input into t** *OM usin* `ui.*tml()`. ***or* v*rsion *.*, Ni***UI *o*s not *n*or** *TML or J*v*S*ript s*nitiz*tion, so *ppli**tions t**t *ir**tly *

Reasoning

T** vuln*r**ility is * *l*ssi* R**l**t** *ross-Sit* S*riptin* (XSS) issu* wit*in t** Ni***UI *r*m*work. T** root **us* li*s in t** `ui.*tml()` *n* `ui.***t_m*ss***()` *ompon*nts, w*i** *r* wr*pp*rs *roun* t** `*tml` *n* `***tM*ss***` *l*ss*s r*sp**ti

6.1

Basic Information

Concerned about an active attack path?

CVE-2025-53354: NiceGUI has a Reflected XSS

Summary

Details

PoC (Proof of Concept)

Impact

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI