4 matches found
CVE-2021-3741
creationtimestamp| type| source ---|---|--- 2024-11-15 10:54:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113486597696670459 2024-11-15 13:15:50+00:00| seen| https://t.me/cvedetector/11072...
CVE-2021-3741 Stored Cross-site Scripting (XSS) in chatwoot/chatwoot
A stored cross-site scripting XSS vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom...
CVE-2021-3741 Stored Cross-site Scripting (XSS) in chatwoot/chatwoot
A stored cross-site scripting XSS vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom...
CVE-2021-3741
Chatwoot stored XSS vulnerability (CVE-2021-3741) affecting chatwoot/chatwoot versions prior to 2.6.0. The issue arises from uploading an SVG file containing a malicious XSS payload in Profile Settings; when the avatar is opened, the injected JavaScript executes. Impact is described as execution ...