PT-2025-45385 · Unknown · Thinkdashboard

Published: 2025-11-06 · Updated: 2025-11-21 · CVE-2025-64177

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ThinkDashboard versions prior to 0.6.8

Description

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. A stored Cross-Site Scripting (XSS) issue exists in the dashboard for versions 0.6.7 and below due to a lack of scheme filtering. This allows exploitation when a user clicks on a malicious bookmark. The issue is triggered by the absence of proper input validation when handling bookmark data.

Recommendations

Update to version 0.6.8 or later.
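
The scheme filtering whose absence the description points to, shown as an added example in Go; it is not ThinkDashboard's code or its 0.6.8 fix. The helper name ValidateBookmarkURL, the http/https allowlist and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Assumed allowlist: a bookmark may only point at a web page.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// ErrBadScheme is returned for any link outside the allowlist.
var ErrBadScheme = errors.New("bookmark URL scheme not allowed")

// ValidateBookmarkURL (hypothetical helper) returns the cleaned URL to store,
// or an error if the link must be rejected.
func ValidateBookmarkURL(raw string) (string, error) {
	// Browsers drop tab/CR/LF anywhere in a URL and trim leading and trailing
	// control characters and spaces before parsing, so do the same first.
	cleaned := strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' || r == '\r' {
			return -1
		}
		return r
	}, raw)
	cleaned = strings.TrimFunc(cleaned, func(r rune) bool { return r <= 0x20 })

	u, err := url.Parse(cleaned) // also rejects remaining control characters
	if err != nil {
		return "", fmt.Errorf("parse bookmark URL: %w", err)
	}
	// Allowlist, not denylist: relative, opaque and unknown schemes all fail.
	if !allowedSchemes[u.Scheme] || u.Host == "" {
		return "", ErrBadScheme
	}
	return u.String(), nil // store and render this value, not the raw input
}

func main() {
	// Constructed sample inputs.
	for _, in := range []string{
		"https://example.com/docs", "JaVaScRiPt:void(0)",
		" java\tscript:void(0)", "data:text/html,hi", "//example.com",
	} {
		out, err := ValidateBookmarkURL(in)
		fmt.Printf("%q -> %q, err=%v\n", in, out, err)
	}
}
```

Running the check when a bookmark is saved and again when it is rendered also covers entries stored before the validation existed.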

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64177
GHSA-57F2-RHXM-FJV3

Affected Products

Thinkdashboard