{"id":"PYSEC-2026-1697","summary":"NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection","details":"### Summary\nA Cross-Site Scripting (XSS) vulnerability exists in `ui.add_css`, `ui.add_scss`, and `ui.add_sass` functions in NiceGUI (v3.3.1 and earlier).\n\nThese functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended `\u003cstyle\u003e` or `\u003cscript\u003e` tags by injecting closing tags (e.g., `\u003c/style\u003e` or `\u003c/script\u003e`), allowing for the execution of arbitrary JavaScript.\n\n### Details\nThe vulnerability stems from how these functions inject content into the DOM using `client.run_javascript` (or `add_head_html` internally) without sufficient escaping for the transport layer.\n\n* **`ui.add_css`**: Injects content into a `\u003cstyle\u003e` tag. Input containing `\u003c/style\u003e` closes the tag prematurely, allowing subsequent HTML/JS injection.\n* **`ui.add_scss` / `ui.add_sass`**: These rely on client-side compilation within `\u003cscript\u003e` tags. Input containing `\u003c/script\u003e` breaks the execution context, allowing XSS.\n\n### PoC\n**Scenario:** A developer allows users to customize a theme color via a URL parameter.\n\n```python\nfrom nicegui import ui\n\n@ui.page('/')\ndef main(color: str = 'blue'):\n    # Vulnerable implementation of dynamic theming\n    ui.add_css(f'.q-btn {{ background-color: {color} !important; }}')\n    ui.button('Click Me')\n\nui.run(port=8082)\n```\n**Attack Vector:**\nAccessing the following URL executes arbitrary JavaScript:\n`http://localhost:8082/?color=red;}\u003c/style\u003e\u003cimg src=x onerror=alert(document.domain)\u003e\u003cstyle\u003e`\n\n### Impact\n* **Type:** Reflected XSS\n* **Severity:** Moderate \n* **Affected Components:** Applications using `ui.add_css`, `ui.add_scss`, or `ui.add_sass` with untrusted input (e.g., dynamic theming based on user input).","aliases":["CVE-2025-66469","GHSA-72qc-wxch-74mg"],"modified":"2026-07-07T17:46:58.150165705Z","published":"2026-07-07T16:03:12.398225Z","references":[{"type":"WEB","url":"https://github.com/zauberzeug/nicegui/security/advisories/GHSA-72qc-wxch-74mg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66469"},{"type":"WEB","url":"https://github.com/zauberzeug/nicegui/commit/a8fd25b7d5e23afb1952d0f60a1940e18b5f1ca8"},{"type":"PACKAGE","url":"https://github.com/zauberzeug/nicegui"},{"type":"PACKAGE","url":"https://pypi.org/project/nicegui"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-72qc-wxch-74mg"}],"affected":[{"package":{"name":"nicegui","ecosystem":"PyPI","purl":"pkg:pypi/nicegui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.0"}]}],"versions":["0.1.0","0.1.4","0.1.6","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.14","0.2.15","0.2.2","0.2.3","0.2.4","0.2.9","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.1","0.4.10","0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.1","0.6.10","0.6.11","0.6.12","0.6.13","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.10","0.7.11","0.7.12","0.7.13","0.7.14","0.7.15","0.7.16","0.7.17","0.7.18","0.7.19","0.7.2","0.7.21","0.7.22","0.7.23","0.7.24","0.7.25","0.7.26","0.7.27","0.7.28","0.7.29","0.7.3","0.7.30","0.7.4","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.10","0.8.11","0.8.12","0.8.13","0.8.14","0.8.15","0.8.16","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9","0.9.0","0.9.1","0.9.10","0.9.11","0.9.12","0.9.13","0.9.14","0.9.15","0.9.16","0.9.17","0.9.18","0.9.19","0.9.2","0.9.20","0.9.21","0.9.22","0.9.23","0.9.24","0.9.25","0.9.26","0.9.27","0.9.28","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.0.1","1.0.10","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.10","1.1.11","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","1.2.1","1.2.10","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15","1.2.16","1.2.17","1.2.18","1.2.2","1.2.20","1.2.21","1.2.22","1.2.23","1.2.24","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.0","1.3.1","1.3.10","1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.3.17","1.3.18","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.17","1.4.18","1.4.19","1.4.2","1.4.20","1.4.21","1.4.22","1.4.23","1.4.24","1.4.25","1.4.26","1.4.27","1.4.28","1.4.29","1.4.3","1.4.30","1.4.31","1.4.33","1.4.34","1.4.35","1.4.36","1.4.37","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","2.0.0","2.0.1","2.1.0","2.10.0","2.10.1","2.11.0","2.11.1","2.12.0","2.12.1","2.13.0","2.14.0","2.14.1","2.15.0","2.16.0","2.16.1","2.17.0","2.18.0","2.19.0","2.2.0","2.20.0","2.21.0","2.21.1","2.22.0","2.22.1","2.22.2","2.23.0","2.23.1","2.23.2","2.23.3","2.24.0","2.24.1","2.24.2","2.3.0","2.4.0","2.5.0","2.7.0","2.8.0","2.8.1","2.9.0","2.9.1","3.0.0","3.0.0rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","3.2.0","3.3.0","3.3.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/nicegui/PYSEC-2026-1697.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}