CVE-2025-66469

Name of the Vulnerable Software and Affected Versions NiceGUI versions 3.3.1 and below

Description NiceGUI, a Python-based UI framework, has an issue where the ui.add css, ui.add scss, and ui.add sass functions do not properly sanitize or encode JavaScript contexts. This allows an attacker to inject closing tags, such as or , to break out of intended tags and execute arbitrary JavaScript. The functions are vulnerable due to a lack of proper sanitization or encoding.

Recommendations Update to version 3.4.0 or later.