CVE-2021-3742 Server-Side Request Forgery (SSRF) in chatwoot/chatwoot
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigg...
CVE-2021-3742
Chatwoot/chatwoot before 2.5.0 is affected by a Server-Side Request Forgery (SSRF) via SVG file uploads used as avatars; opening the SVG can trigger SSRF and host redirection. Root cause: SVG handling allows SSRF payloads in uploaded avatars. Impact: host redirection. Remediation: upgrade to 2.5....
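The two entries above describe the same root cause: an uploaded SVG is rendered by the viewer's browser, so any external reference inside it (an `href`/`xlink:href` to a URL, a CSS `url()`, an `xml-stylesheet` instruction, a DOCTYPE with entities) turns into a request when the avatar is opened. The following Ruby is an added example, not Chatwoot's code and not its actual fix: a hypothetical `SvgAvatarCheck` module that rejects SVG uploads carrying such references, using only the stdlib `rexml` parser. The sample SVG documents are constructed for the example.

```ruby
require "rexml/document"

# Hypothetical pre-check for SVG avatar uploads (added example, not Chatwoot's code).
# Rejects anything that would make the viewer's browser fetch a resource.
module SvgAvatarCheck
  FORBIDDEN_ELEMENTS = %w[script foreignObject iframe embed object].freeze
  HREF_ATTRS = %w[href xlink:href].freeze

  # Returns a list of reasons to reject the file; an empty list means it passed.
  def self.problems(svg_text)
    doc = parse(svg_text)
    return ["not well-formed XML"] if doc.nil?

    found = []
    found << "DOCTYPE declaration (entities may point outside the file)" if doc.doctype
    if doc.children.any? { |c| c.is_a?(REXML::Instruction) && c.target == "xml-stylesheet" }
      found << "xml-stylesheet processing instruction"
    end
    root = doc.root
    return found << "no root element" if root.nil?
    found << "root element is <#{root.name}>, not <svg>" unless root.name == "svg"

    doc.each_recursive do |el|
      found << "<#{el.name}> element" if FORBIDDEN_ELEMENTS.include?(el.name)
      if el.name == "style" && external_css?(el.texts.map(&:value).join)
        found << "<style> with external url()/@import"
      end
      el.attributes.each do |name, value|
        found << "event handler attribute #{name}" if name.downcase.start_with?("on")
        if HREF_ATTRS.include?(name) && !value.strip.start_with?("#")
          found << "#{name}=\"#{value}\" on <#{el.name}> is not a local #fragment"
        end
        found << "style attribute with external url()/@import" if name == "style" && external_css?(value)
      end
    end
    found
  end

  def self.accept?(svg_text)
    problems(svg_text).empty?
  end

  # url(#id) stays local; url(anything-else) or @import fetches from elsewhere.
  def self.external_css?(css)
    css.match?(/@import/i) || css.match?(/url\(\s*["']?\s*[^#"'\s)]/i)
  end

  def self.parse(text)
    REXML::Document.new(text)
  rescue REXML::ParseException
    nil
  end
end

# Constructed inputs for the example: one benign avatar and two that would trigger a fetch.
BENIGN_AVATAR = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32">
    <defs><circle id="dot" r="3" fill="#0af"/></defs>
    <use href="#dot" x="16" y="16"/>
  </svg>
SVG

EXTERNAL_IMAGE = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 32 32">
    <image xlink:href="http://internal.example/" width="32" height="32"/>
  </svg>
SVG

CSS_FETCH = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1" style="fill:url(http://internal.example/p.svg#g)"/></svg>
SVG

if $PROGRAM_NAME == __FILE__
  { "benign" => BENIGN_AVATAR, "external image" => EXTERNAL_IMAGE, "css fetch" => CSS_FETCH }.each do |label, svg|
    verdict = SvgAvatarCheck.accept?(svg) ? "accept" : "reject: #{SvgAvatarCheck.problems(svg).join('; ')}"
    puts "#{label}: #{verdict}"
  end
end
```

The check is an allow-list in spirit: only `#fragment` references and local `url(#id)` survive, and scripts, event handlers, foreign content and DOCTYPEs are refused outright. The lower-risk policy for avatars is still to refuse SVG altogether, or to rasterize it server-side so the browser never renders the uploaded document.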
CVE-2022-3741 Improper Restriction of Excessive Authentication Attempts in chatwoot/chatwoot
Impact varies for each affected endpoint in the application. For account generation, an attacker may be able, depending on the system resources available, to cause a DoS on the server. These accounts still need to be activated; however, it is possible to identify the output...
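The weakness above (CWE-307, no restriction on repeated attempts) is addressed by counting attempts per caller and refusing the excess. The Ruby below is an added example, not Chatwoot's code: a hypothetical `AttemptLimiter` implementing a per-key sliding window with an injectable clock, plus a constructed scenario of one address bursting 30 sign-up attempts against a limit of 5 per 10 minutes. The keys, limits and the 203.0.113.7 address are assumptions for the example.

```ruby
# Hypothetical per-key sliding-window limiter (added example, not Chatwoot's code).
class AttemptLimiter
  # Allow at most `limit` attempts per `window_seconds` for each key
  # (a client IP, an account id, a submitted e-mail address, ...).
  def initialize(limit:, window_seconds:, clock: nil)
    @limit = limit
    @window = window_seconds
    @clock = clock || -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) }
    @attempts = Hash.new { |h, k| h[k] = [] } # key => timestamps of counted attempts
  end

  # Records an attempt under `key` and returns true if it is within the limit.
  def allow?(key)
    now = @clock.call
    recent = @attempts[key]
    recent.shift while !recent.empty? && recent.first <= now - @window
    return false if recent.size >= @limit
    recent << now
    true
  end

  # Seconds until the oldest counted attempt leaves the window (0 if allowed now).
  def retry_after(key)
    recent = @attempts[key]
    return 0 if recent.size < @limit
    [recent.first + @window - @clock.call, 0].max
  end
end

# Constructed scenario with a controllable clock: 30 sign-up attempts from one
# address, one every two seconds, against a limit of 5 per 600 seconds.
def simulate_signup_burst
  t = 0.0
  limiter = AttemptLimiter.new(limit: 5, window_seconds: 600, clock: -> { t })
  key = "signup:ip:203.0.113.7"
  results = Array.new(30) do
    t += 2.0
    limiter.allow?(key)
  end
  wait = limiter.retry_after(key) # how long the 31st attempt would have to wait
  t += 600.0                       # ten minutes later the window has emptied
  {
    allowed: results.count(true),
    rejected: results.count(false),
    retry_after_burst: wait,
    allowed_after_window: limiter.allow?(key)
  }
end

puts simulate_signup_burst.inspect if $PROGRAM_NAME == __FILE__
```

Only attempts that were admitted are recorded, so a caller who keeps hammering is refused until the earliest admitted attempt ages out; recording refused attempts as well would lengthen the lock-out under sustained abuse. For an account-creation endpoint the same limiter should also be keyed on the submitted address, not just the source IP, and the refusal response should be indistinguishable for existing and non-existing accounts.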
CVE-2022-0542 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0...