NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

Description

Summary

XSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push() or ui.navigate.history.replace(). These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into generated JavaScript without proper escaping, a crafted payload can break out of the intended string context and execute arbitrary JavaScript in the victim’s browser.

Applications that do not pass untrusted input into ui.navigate.history.push/replace are not affected.

Details

NiceGUI provides ui.navigate.history.push(url) and ui.navigate.history.replace(url) to update the URL using the browser History API. If an application forwards user-controlled data (e.g., URL path segments, query parameters like next=..., form values, etc.) into these methods, an attacker can inject characters such as quotes and statement terminators to escape the JavaScript string context and execute arbitrary code.

A vulnerable pattern is:
- attacker controls a value (e.g., via the request path),
- the application passes it to ui.navigate.history.push(payload) (or replace).

This is similar in spirit to other NiceGUI XSS advisories:
- ui.html(),ui.chat_message() can cause XSS when developers render untrusted input as HTML (XSS risk/footgun).
- ui.interactive_image had XSS via unsanitized SVG content and was handled as a security advisory with a fix and severity rating.

Because ui.navigate.history.* is expected to accept a URL (data) rather than executable code, the library should escape/encode the argument before emitting JavaScript.

PoC

Create a simple app

from nicegui import ui

@ui.page('/')
def index():
    # A link/button a victim could click (attacker can also send the URL directly)
    ui.button('open crafted path', on_click=lambda: ui.navigate.to('/%22);alert(document.domain);//'))

@ui.page('/{payload:path}')
def victim(payload: str):
    ui.label(f'payload = {payload!r}')

    # Vulnerable use: forwarding attacker-controlled path to history.push
    ui.button('trigger', on_click=lambda: ui.navigate.history.push(payload))

ui.run()

Run the app

python app.py

Trigger

  1. Open http://localhost:8080/
  2. Click open crafted path
  3. Click trigger

Expected result: JavaScript executes (an alert showing document.domain).

Impact

  • Vulnerability type: DOM-based XSS
  • Attack vector: attacker-controlled input embedded into JavaScript via ui.navigate.history.push/replace
  • Affected users: any NiceGUI-based application that forwards untrusted input into ui.navigate.history.push() or ui.navigate.history.replace()
  • Potential outcomes: client-side code execution, phishing UI injection, and other typical XSS impacts

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-01-08 20:00:29 UTC
Updated
2026-01-08 20:00:30 UTC
GitHub reviewed
2026-01-08 20:00:29 UTC
NVD published
2026-01-08

EPSS Score

Score Percentile
0.02% 3.86%

CVSS Scores

Base score Version Severity Vector
6.1 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.

Identifiers

CWEs

CWE id Name
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Credits

  • xx-mikusan-xx (reporter)
  • evnchn (remediation_developer)
  • falkoschindler (remediation_reviewer)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip nicegui >= 2.13.0, <= 3.4.1 3.5.0

References

cvelogic Threat Intelligence