Security Advisory

CVE-2026-21872

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-08 09:50:02

Last updated 2026-01-08 15:13:11

Assigner GitHub_M

State PUBLISHED

Description

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in version 3.5.0.

← Browse all CVEs View on cve.org ↗