CVE-2024-0640

Medium CVSS: 4.8

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard app. The issue is fixed in version 3.5.2.

Vendor

Chatwoot

Product

Chatwoot

CWE

CWE-79

Yayın Tarihi

2025-03-20 10:15:14

Güncelleme

2025-10-28 18:15:12

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-79 Chatwoot MEDIUM Chatwoot 2025

Referanslar

https://github.com/chatwoot/chatwoot/commit/e39c14460b860d5e3d23d989dd6af48404ad1bb4 https://huntr.com/bounties/08b3bebf-ce3c-4416-b75e-1927ba61de85

Benzer Kayıtlar

Medium

CVE-2025-12246

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/…

Medium

CVE-2025-12245

A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunica…

Critical

CVE-2025-21628

Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize th…