6 matches found
Cross-site Scripting (XSS)
Overview @haxtheweb/iframe-loader is an Adds a loading indicator for iframes. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...
EUVD-2025-36122
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...
CVE-2025-12246 chatwoot Admin IframeLoader.vue cross site scripting
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...
CVE-2025-12246 chatwoot Admin IframeLoader.vue cross site scripting
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...
CVE-2025-12246
The CVE-2025-12246 entry concerns chatwoot versions up to 4.7.0, specifically the Admin Interface file app/javascript/shared/components/IframeLoader.vue. The vulnerability arises from manipulation of the Link argument, enabling cross-site scripting. Exploitation is described as remote, but no in‑...
PT-2025-43903
Name of the Vulnerable Software and Affected Versions chatwoot versions up to 4.7.0 Description A security flaw exists in chatwoot affecting the Admin Interface component, specifically within the app/javascript/shared/components/IframeLoader.vue file. Manipulation of the Link argument can lead to...