Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2023-29696
HistoryApr 20, 2023 - 12:00 a.m.

chatwoot Cross-Site Scripting Vulnerability (CNVD-2023-29696)

2023-04-2000:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
chatwoot application
customer engagement suite
open source
cross-site scripting
vulnerability
filtering
attacker
web script
html
injection
security document

EPSS

0.001

Percentile

43.7%

JSON

chatwoot is an application. Customer Engagement Suite, an open source alternative to intercom, Zendesk, Salesforce Service Cloud, etc. A cross-site scripting vulnerability exists in chatwoot versions prior to 2.14.0. The vulnerability stems from the application’s lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.

Related

prion 1
cve 1
cvelist 1
nvd 1
huntr 1
osv 1
prion
prion
Cross site scripting
2023-04-17 01:15:00
cve
cve
CVE-2023-2109
2023-04-17 01:15:06
cvelist
cvelist
CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot
2023-04-17 00:00:00
nvd
nvd
CVE-2023-2109
2023-04-17 01:15:06
huntr
huntr
XSS via postMessage to deface any website and account takeover
2023-02-02 22:18:41
osv
osv
CVE-2023-2109
2023-04-17 01:15:06

EPSS

0.001

Percentile

43.7%

JSON
Related for CNVD-2023-29696
prion1cve1cvelist1nvd1huntr1osv1