ThinkDashboard Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored Cross-Site Scripting (XSS) vulnerability has been identified in ThinkDashboard, a self-hosted bookmark dashboard, in versions up to and including 0.6.7. The vulnerability arises from inadequate validation of the URL scheme of saved bookmarks, allowing any user who can create a bookmark to store a 'javascript:' URL. When another user clicks the bookmark, the embedded JavaScript executes in that user's browser within the dashboard's origin, leading to potential phishing, malware distribution, or application defacement.
Impact
Exploitation of this vulnerability results in stored Cross-Site Scripting: the injected script is persisted with the bookmark and executes in the browser session of any user who clicks it, with that user's privileges in the application.
Reproduction
To reproduce this vulnerability, disable the 'Open links in new tab' setting in the general configuration so that bookmark links open in the same tab. Then create a bookmark whose URL uses the 'javascript:' scheme, for example 'javascript:alert("XSS")'. After saving the bookmark, click it; the JavaScript in the URL executes.
Remediation
Update to ThinkDashboard version 0.6.8, which addresses the vulnerability by validating bookmark URLs and accepting only the 'http' and 'https' schemes. When reviewing any such fix, confirm that the check is applied on the parsed scheme (an allowlist) rather than by matching the literal string 'javascript:', since browsers normalise scheme case and strip whitespace before resolving a URL.
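The following is an added example, not ThinkDashboard's own code, showing why an allowlist on the parsed scheme is the right remediation for this bug class. It contrasts a naive blocklist on the raw bookmark string with a check that parses the URL the way a browser would and accepts only http/https. The probe strings, the function names and the `ALLOWED_SCHEMES` set are constructed for the example.

```javascript
// Added example (not ThinkDashboard code): blocklist vs. allowlist scheme checks
// for a stored bookmark URL. Runs under Node.js with no dependencies.

// Weak pattern: reject only the literal lowercase prefix "javascript:".
// Browsers treat the scheme case-insensitively and strip leading whitespace,
// tabs and newlines before parsing, so every variant in PROBES slips through.
function isSafeUrlBlocklist(url) {
  return !url.startsWith("javascript:");
}

// Sound pattern: parse with the WHATWG URL parser (the same normalisation the
// browser applies) and accept only an explicit allowlist of schemes.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function isSafeUrlAllowlist(url) {
  let parsed;
  try {
    parsed = new URL(url);   // throws on relative or malformed input
  } catch {
    return false;            // no base URL for bookmarks, so reject rather than guess
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Constructed probe set: the advisory's proof of concept plus common
// scheme-filter bypasses and two legitimate bookmarks.
const PROBES = [
  "javascript:alert(\"XSS\")",                 // advisory PoC
  "JavaScript:alert(1)",                       // mixed case
  "   javascript:alert(1)",                    // leading whitespace
  "java\tscript:alert(1)",                     // embedded tab, removed by the parser
  "data:text/html,<script>alert(1)</script>",  // another active scheme
  "vbscript:msgbox(1)",
  "https://example.com/",                      // legitimate bookmark
  "http://intranet.local:8080/app",            // legitimate bookmark with port
];

// Returns { probe: { blocklist, allowlist } }; true means the check accepted it.
function compareChecks(probes = PROBES) {
  const out = {};
  for (const p of probes) {
    out[p] = { blocklist: isSafeUrlBlocklist(p), allowlist: isSafeUrlAllowlist(p) };
  }
  return out;
}

// Run directly (`node scheme-check.js`, file name assumed) to print the verdicts.
if (typeof require !== "undefined" && require.main === module) {
  console.table(compareChecks());
}
```

Run as shown and the table makes the point of the remediation: the blocklist accepts three of the four javascript: variants because it never sees the normalised scheme, while the allowlist rejects all of them, rejects data: and vbscript: as a side effect, and still accepts ordinary http and https bookmarks. The same check belongs on the server side where the bookmark is stored, not only in the form that submits it.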
