Teable DOM-Based Cross-Site Scripting Vulnerability in Login Redirect

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Teable's authentication component, specifically in versions through 1.9.x. The issue arises in the LoginPage.tsx file, where the application improperly validates the 'redirect' URL parameter. This flaw allows attackers to inject malicious scripts that are executed in the context of the user's browser after logging in. The vulnerability can be exploited remotely, and while it requires user interaction, such as clicking a link, the injected script can perform actions on behalf of the user or steal sensitive information.
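The advisory does not reproduce Teable's code, so the following is an added illustration, not the project's own fix. It assumes the DOM-based XSS comes from handing the raw 'redirect' value to a navigation sink, and shows a strict post-login redirect validator that only accepts same-origin paths; the default landing path and the function name are assumptions.

```typescript
// Added example (not Teable's code). Assumption: the raw "redirect" query
// parameter was being passed to a navigation sink such as window.location,
// so a "javascript:" URL would execute in the page after login. The defence
// is to accept only root-relative, same-origin paths and fall back to a
// fixed landing page for anything else.

const DEFAULT_LANDING = "/space"; // assumed safe default

// Returns the path to navigate to after login. Any value that is not a plain
// same-origin path (scheme-bearing strings such as "javascript:", absolute
// URLs, protocol-relative "//host" forms, and the "/\host" backslash variant
// that WHATWG URL parsing normalises to "//host") is replaced by the default.
function safeRedirect(raw: string | null | undefined, origin: string): string {
  if (!raw) return DEFAULT_LANDING;
  const value = raw.trim();

  // Must be root-relative and must not be protocol-relative.
  if (!value.startsWith("/") || value.startsWith("//") || value.startsWith("/\\")) {
    return DEFAULT_LANDING;
  }

  // Let the URL parser resolve the value against our own origin and verify
  // that it still lands on that origin over http(s).
  let parsed: URL;
  try {
    parsed = new URL(value, origin);
  } catch {
    return DEFAULT_LANDING;
  }
  if (parsed.origin !== origin || !["http:", "https:"].includes(parsed.protocol)) {
    return DEFAULT_LANDING;
  }

  // Re-serialise so only path, query and fragment survive.
  return parsed.pathname + parsed.search + parsed.hash;
}

// In a browser the origin would come from window.location.origin, e.g.
// window.location.assign(safeRedirect(params.get("redirect"), window.location.origin));
```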

Impact

Exploitation of this vulnerability allows for DOM-based cross-site scripting, where injected scripts are executed in the context of the user's browser. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user.

Reproduction

To reproduce this vulnerability, send a crafted link to the Teable login page with a malicious 'redirect' parameter that includes a JavaScript payload. When the victim clicks the link and logs in, the injected script will execute. This vulnerability only works with a fresh login session, as existing sessions trigger a server-side redirect error.

Remediation

Users should upgrade to Teable version release.2026-04-21T08-57-20Z.1513, where this vulnerability has been fixed. The update is available on the Teable GitHub releases page.

Added: May 26, 2026, 10:22 PM
Updated: May 26, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.5
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.