{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T18:55:39.165","vulnerabilities":[{"cve":{"id":"CVE-2025-64177","sourceIdentifier":"security-advisories@github.com","published":"2025-11-06T22:15:44.040","lastModified":"2025-11-21T16:34:24.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting (XSS) vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme filtering. This is fixed in version 0.6.8."},{"lang":"es","value":"ThinkDashboard es un panel de marcadores autoalojado construido con Go y JavaScript puro. En las versiones 0.6.7 e inferiores, existe una vulnerabilidad de cross-site scripting (XSS) almacenado en el panel, que puede ser explotada cuando un usuario hace clic en un marcador malicioso, hecho vulnerable por la falta de filtrado de esquemas. Esto se corrigiĆ³ en la versiĆ³n 0.6.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matiasdesuu:thinkdashboard:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.8","matchCriteriaId":"60EB1ECB-DC80-4185-8EB8-1276C74DF6D0"}]}]}],"references":[{"url":"https://github.com/MatiasDesuu/ThinkDashboard/commit/16976263b22a4b0526b2c7c30294cc099258edae","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MatiasDesuu/ThinkDashboard/security/advisories/GHSA-57f2-rhxm-fjv3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}