Timo Cross-Site Scripting Vulnerability

Vulnerability

A Cross-Site Scripting (XSS) vulnerability exists in Timo version 2.0.3. The title field is not properly sanitized before it is displayed, so crafted HTML links placed in it are rendered as markup (HTML injection). The root cause is the application's use of Jsoup for HTML parsing with a default configuration that permits a wide range of HTML tags and attributes, including anchor links using the HTTP, HTTPS, and mailto protocols. As a result, an attacker could inject malicious links into the title that are then presented to other users, which could be used for phishing attacks.
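The following added example (not Timo's own code) contrasts a permissive Jsoup safelist with a restrictive one for a plain-text field such as a title. It assumes the permissive configuration behaves like Jsoup's Safelist.basic(), which keeps anchors with http, https, ftp and mailto hrefs; the sample title and its URL are constructed placeholders.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

public class TitleSanitizer {
    // Constructed sample title carrying an anchor; the URL is a placeholder, not a real target.
    static final String SAMPLE_TITLE =
        "Quarterly report <a href=\"https://example.invalid/login\">sign in here</a>";

    // Permissive configuration (assumed to match the vulnerable behaviour):
    // Safelist.basic() keeps <a href="..."> for http/https/ftp/mailto, so the injected
    // link survives cleaning and is rendered as a clickable anchor.
    static String cleanPermissive(String title) {
        return Jsoup.clean(title, Safelist.basic());
    }

    // Corrected configuration for a field that should never contain markup:
    // Safelist.none() keeps only text, dropping the anchor tag and its href.
    static String cleanStrict(String title) {
        return Jsoup.clean(title, Safelist.none());
    }

    // Reject-on-markup variant: refuse input that is not already clean text, so the
    // submission can be rejected and logged instead of silently stripped.
    static boolean isPlainText(String title) {
        return Jsoup.isValid(title, Safelist.none());
    }

    public static void main(String[] args) {
        System.out.println("permissive: " + cleanPermissive(SAMPLE_TITLE));
        System.out.println("strict:     " + cleanStrict(SAMPLE_TITLE));
        System.out.println("plain text? " + isPlainText(SAMPLE_TITLE));
    }
}
```

Run with jsoup on the classpath; the permissive output still contains the anchor, while the strict output keeps only the link text and isPlainText reports false for the sample.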

Impact

Exploitation of this vulnerability allows for Cross-Site Scripting, where the injected HTML is executed in the context of the victim's browser session, potentially leading to the interception of cookies, session tokens, or other sensitive information.

Reproduction

To reproduce this vulnerability, create a link payload using standard HTML anchor tags, including a URL that you control. Insert this payload into the title field of the application. Once submitted, the injected HTML will be rendered as a clickable link, demonstrating the XSS vulnerability.

Added: Mar 26, 2026, 3:22 PM
Updated: Mar 26, 2026, 3:22 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           0.0
impact           0.2
exploitability   7.5
remediation      0.0
relevance        4.7
threat           6.4
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.