cpe:2.3:a:n/a:chatwoot:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Chatwoot (472ba897-4259-5f57-8655-0a99c04b7ac5)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-5205 | vulnerable | 2026-06-08 08:07:03.259207 | chatwoot Webhook API trigger.rb Trigger server-side request forgery
MEDIUM (6.3)
A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-31T16:30:11.076Z
Updated: 2026-04-03T16:35:11.084Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-4990 | vulnerable | 2026-06-08 08:07:02.762472 | chatwoot Signup Endpoint login improper authorization
HIGH (7.3)
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-27T21:27:18.090Z
Updated: 2026-03-31T14:28:07.910Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-12246 | vulnerable | 2026-06-08 07:04:29.928513 | chatwoot Admin IframeLoader.vue cross site scripting
MEDIUM (4.3)
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-27T07:32:09.692Z
Updated: 2025-10-27T17:55:14.601Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-12245 | vulnerable | 2026-06-08 07:04:29.927129 | chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation
MEDIUM (5.3)
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-10-27T07:32:07.544Z
Updated: 2026-02-26T16:57:05.851Z
Imported from gcve-enriched-dumps CVE data
