← Back
2026-02-06 21:12CVE-2026-25516GitHub_M
PUBLISHED5.2CWE-79

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0.

Problem type

Affected products

zauberzeug

nicegui

< 3.7.0 - AFFECTED

References

https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282

https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282

x_refsource_CONFIRM
https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561

https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561

x_refsource_MISC

GitHub Security Advisories

GHSA-v82v-c5x8-w282

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

https://github.com/advisories/GHSA-v82v-c5x8-w282

Description

The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers.

Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks.

Proof of Concept

from nicegui import ui

# User-controlled input containing malicious payload
user_input = 'Hello! <img src=x onerror="alert(\'XSS\')">'

ui.markdown(user_input)  # XSS executes when page loads

ui.run()

When this page loads, the JavaScript in the onerror handler executes, potentially allowing an attacker to:

  • Steal session cookies or authentication tokens
  • Perform actions on behalf of the user
  • Redirect users to malicious sites
  • Modify page content

Impact

Applications that render user-provided content through ui.markdown() are vulnerable to stored or reflected XSS attacks. This is particularly concerning for:

  • Chat applications displaying user messages
  • CMS or documentation systems with user-editable content
  • Any application that displays markdown from untrusted sources

Remediation

A release has been published in version 3.7.0.

For Users (Immediate Workaround)

Until a fix is released, do not pass untrusted content directly to ui.markdown(). Instead, use one of these approaches:

Option 1: Convert and sanitize manually using ui.html()

import markdown2
from html_sanitizer import Sanitizer

sanitizer = Sanitizer()

def safe_markdown(content: str) -> None:
    """Render markdown with HTML sanitization."""
    html = markdown2.markdown(content)
    ui.html(sanitizer.sanitize(html), sanitize=False)

# Usage
safe_markdown(user_input)

Option 2: Escape HTML before markdown conversion (if raw HTML not needed)

import html

# Escape HTML entities - prevents any HTML from being interpreted
ui.markdown(html.escape(user_input))

Proposed Fix

Add a sanitize parameter to ui.markdown() consistent with other HTML-rendering components, and/or add an escape_html parameter.

github.com

https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282

github.com

https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-25516

github.com

https://github.com/advisories/GHSA-v82v-c5x8-w282

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-25516
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-25516",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2026-02-06T21:12:19.501Z",
    "dateReserved": "2026-02-02T18:21:42.487Z",
    "datePublished": "2026-02-06T21:12:19.501Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2026-02-06T21:12:19.501Z"
      },
      "title": "NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content",
      "descriptions": [
        {
          "lang": "en",
          "value": "NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0."
        }
      ],
      "affected": [
        {
          "vendor": "zauberzeug",
          "product": "nicegui",
          "versions": [
            {
              "version": "< 3.7.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282",
          "name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        },
        {
          "url": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561",
          "name": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561",
          "tags": [
            "x_refsource_MISC"
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    }
  }
}