CVE-2025-12246
- EPSS 0.06%
- Published 27.10.2025 07:32:09
- Last modified 28.10.2025 02:12:43
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in c...
CVE-2025-12245
- EPSS 0.03%
- Published 27.10.2025 07:32:07
- Last modified 28.10.2025 02:15:11
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to ori...
CVE-2024-0640
- EPSS 0.06%
- Published 20.03.2025 10:10:52
- Last modified 28.10.2025 18:15:12
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another a...
CVE-2025-21628
- EPSS 0.5%
- Published 09.01.2025 18:15:30
- Last modified 29.10.2025 14:52:40
Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to r...
CVE-2021-3742
- EPSS 0.12%
- Published 15.11.2024 11:15:05
- Last modified 19.11.2024 17:10:48
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used a...
CVE-2021-3741
- EPSS 0.16%
- Published 15.11.2024 11:15:05
- Last modified 19.11.2024 17:07:38
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the ...
CVE-2021-3740
- EPSS 0.09%
- Published 15.11.2024 11:15:04
- Last modified 10.07.2025 16:31:02
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauth...
CVE-2023-2109
- EPSS 0.12%
- Published 17.04.2023 01:15:06
- Last modified 21.11.2024 07:57:57
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0.
CVE-2022-3741
- EPSS 0.54%
- Published 28.10.2022 13:15:16
- Last modified 21.11.2024 07:20:08
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated;...
CVE-2022-2901
- EPSS 0.14%
- Published 06.09.2022 10:15:08
- Last modified 21.11.2024 07:01:53
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.