CVE-2025-12246

The CVE-2025-12246 entry concerns chatwoot versions up to 4.7.0, specifically the Admin Interface file app/javascript/shared/components/IframeLoader.vue. The vulnerability arises from manipulation of the Link argument, enabling cross-site scripting. Exploitation is described as remote, but no in‑...

EUVD-2022-24371

Malicious code in bioql PyPI...

CVE-2024-0640

A stored cross-site scripting XSS vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...

CVE-2024-0640

A stored cross-site scripting XSS vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...

Chatwoot 授权问题漏洞

Chatwoot is a Chatwoot open source application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. An authorization issue vulnerability exists in versions prior to Chatwoot 2.4.0 that stems from the presence of a session fixation...

CVE-2022-0527 Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Cross-site Scripting XSS - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0...