Chatwoot

Chatwoot

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2026-5205

  • EPSS 0.04%
  • Veröffentlicht 31.03.2026 16:30:11
  • Zuletzt bearbeitet 01.04.2026 14:24:02

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side ...

7.5

CVE-2026-4990

  • EPSS 0.05%
  • Veröffentlicht 27.03.2026 21:27:18
  • Zuletzt bearbeitet 30.03.2026 13:26:07

A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to imp...

6.1

CVE-2025-12246

Exploit
  • EPSS 0.03%
  • Veröffentlicht 27.10.2025 07:32:09
  • Zuletzt bearbeitet 28.10.2025 02:12:43

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in c...

5.3

CVE-2025-12245

Exploit
  • EPSS 0.02%
  • Veröffentlicht 27.10.2025 07:32:07
  • Zuletzt bearbeitet 28.10.2025 02:15:11

A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to ori...

4.8

CVE-2024-0640

Exploit
  • EPSS 0.06%
  • Veröffentlicht 20.03.2025 10:10:52
  • Zuletzt bearbeitet 28.10.2025 18:15:12

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another a...

8.8

CVE-2025-21628

  • EPSS 0.5%
  • Veröffentlicht 09.01.2025 18:15:30
  • Zuletzt bearbeitet 29.10.2025 14:52:40

Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to r...

8.8

CVE-2021-3742

  • EPSS 0.16%
  • Veröffentlicht 15.11.2024 11:15:05
  • Zuletzt bearbeitet 19.11.2024 17:10:48

A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used a...

5.4

CVE-2021-3741

  • EPSS 0.22%
  • Veröffentlicht 15.11.2024 11:15:05
  • Zuletzt bearbeitet 19.11.2024 17:07:38

A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the ...

6.8

CVE-2021-3740

  • EPSS 0.12%
  • Veröffentlicht 15.11.2024 11:15:04
  • Zuletzt bearbeitet 10.07.2025 16:31:02

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauth...

6.1

CVE-2023-2109

  • EPSS 0.12%
  • Veröffentlicht 17.04.2023 01:15:06
  • Zuletzt bearbeitet 21.11.2024 07:57:57

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0.