📦 Chatwoot
by Chatwoot
🛡️ Security Overview
⚠️ Known Vulnerabilities
This SQL injection vulnerability in Chatwoot allows authenticated users to execute arbitrary SQL queries through conversation and contact filter endpoints. Attackers can bypass intended filters and po...
This Server-Side Request Forgery (SSRF) vulnerability in Chatwoot allows attackers to upload malicious SVG files containing SSRF payloads. When these files are used as avatars and opened in new tabs, ...
CVE-2021-3649 is a regular expression denial of service (ReDoS) vulnerability in Chatwoot's URL validation logic. Attackers can cause CPU exhaustion and service degradation by sending specially crafte...
This CVE describes a cross-site scripting (XSS) vulnerability in Chatwoot's admin interface that allows attackers to inject malicious scripts via manipulated Link parameters in the IframeLoader.vue co...
This CVE describes an origin validation vulnerability in Chatwoot's widget SDK that allows attackers to bypass security controls by manipulating the baseUrl parameter. The vulnerability affects Chatwo...
A stored cross-site scripting (XSS) vulnerability in Chatwoot allows admin users to inject malicious JavaScript code via dashboard app settings. This code executes when other admin users access the af...
This stored XSS vulnerability in Chatwoot allows attackers to upload malicious SVG files containing JavaScript payloads via profile settings. When victims view these avatars in a new page, the malicio...