Share
## https://sploitus.com/exploit?id=116BE5DB-D506-5777-BDB9-07F3BBC2A416
# NiceGUI XSS Scanner - CVE-2025-66470

![Python](https://img.shields.io/badge/python-3.8+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![CVE](https://img.shields.io/badge/CVE-2025--66470-red.svg)

A fast, simple scanner for detecting **CVE-2025-66470** - XSS vulnerability in NiceGUI's `ui.interactive_image` component.

## ๐Ÿ” Vulnerability Details

| Field | Value |
|-------|-------|
| **CVE** | CVE-2025-66470 |
| **GHSA** | GHSA-2m4f-cg75-76w2 |
| **Component** | `ui.interactive_image` |
| **Affected** | NiceGUI โ‰ค 3.3.1 |
| **Fixed** | NiceGUI 3.4.0+ |
| **Type** | Stored/Reflected XSS |

### Root Cause
The `ui.interactive_image` component renders SVG content using Vue's `v-html` directive without sanitization, allowing XSS via `` tag.

**Vulnerable Code:**
```javascript

```

## ๐Ÿ“ฆ Files

| File | Description |
|------|-------------|
| `nicegui_scanner.py` | **Simple scanner** - Clean one-line output per target |
| `nicegui_xss_scanner.py` | **Full scanner** - Detailed analysis with reports |
| `targets.txt` | Sample targets file for batch scanning |

## ๐Ÿš€ Quick Start

### Installation

```bash
git clone https://github.com/yourusername/nicegui-xss-scanner.git
cd nicegui-xss-scanner
pip install requests
```

### Usage

**Single Target:**
```bash
python nicegui_scanner.py http://target.com/
```

**Batch Scan (from file):**
```bash
python nicegui_scanner.py -l targets.txt
```

**Full Analysis:**
```bash
python nicegui_xss_scanner.py http://target.com/
```

## ๐Ÿ“‹ Options

```
usage: nicegui_scanner.py [-h] [-l LIST] [--timeout TIMEOUT] [target]

NiceGUI XSS Scanner - CVE-2025-66470

positional arguments:
  target                Target URL

options:
  -h, --help            Show help message
  -l, --list LIST       File with URLs (one per line)
  --timeout TIMEOUT     Request timeout (default: 10)
```

## ๐Ÿ“Š Output Examples

### Simple Scanner
```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘  NiceGUI XSS Scanner - CVE-2025-66470                        โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

[*] Scanning 3 target(s)...

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
[1/3] http://192.168.1.10:8080/... ๐Ÿšจ CONFIRMED (v2.1.0)
[2/3] http://192.168.1.20:5000/... โš  VULN_VER (v3.3.0)
[3/3] http://example.com/...       โœ“ NOT_NICEGUI
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

SUMMARY:
  Total scanned:  3
  XSS CONFIRMED:  1

โœ“ Saved: nicegui_CONFIRMED_174530.txt
```

### Status Legend

| Status | Meaning |
|--------|---------|
| ๐Ÿšจ **CONFIRMED** | XSS vulnerability confirmed (all 3 checks passed) |
| โš  **VULN_VER** | Vulnerable version detected, needs manual testing |
| โœ“ **NOT_NICEGUI** | Not a NiceGUI application |

## ๐Ÿงช 3-Check Confirmation System

For XSS to be marked as **CONFIRMED**, all 3 checks must pass:

1. **CHECK 1:** Payload marker is reflected in response
2. **CHECK 2:** Dangerous HTML patterns (`` to embed HTML:

```html

  
    
  

```

## ๐Ÿ“„ targets.txt Format

```
# Comments start with #
http://target1.com/
http://target2.com:8080/
https://target3.com/login
```

## ๐Ÿ”ง Requirements

- Python 3.8+
- `requests` library

```bash
pip install requests
```

## ๐Ÿ“š References

- [GitHub Advisory - GHSA-2m4f-cg75-76w2](https://github.com/advisories/GHSA-2m4f-cg75-76w2)
- [NVD - CVE-2025-66470](https://nvd.nist.gov/vuln/detail/CVE-2025-66470)
- [Fix Commit](https://github.com/zauberzeug/nicegui/commit/58ad0b36e19922de16bbc79ea3ddd29851b1a3e3)

## โš ๏ธ Disclaimer

This tool is for **authorized security testing only**. Use responsibly and only on systems you have permission to test.

## ๐Ÿ“œ License

MIT License - See [LICENSE](LICENSE) for details.