cpe:2.3:a:n/a:chatwoot:*:*:*:*:*:*:*:*
part: a version: * update: *
| Field | Value |
|---|---|
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
| Product | Chatwoot (472ba897-4259-5f57-8655-0a99c04b7ac5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-5205 | vulnerable | 2026-06-08 08:07:03.259207 | chatwoot Webhook API trigger.rb Trigger server-side request forgery. MEDIUM (6.3). A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-31T16:30:11.076Z; Updated: 2026-04-03T16:35:11.084Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2026-4990 | vulnerable | 2026-06-08 08:07:02.762472 | chatwoot Signup Endpoint login improper authorization. HIGH (7.3). A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-27T21:27:18.090Z; Updated: 2026-03-31T14:28:07.910Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-12246 | vulnerable | 2026-06-08 07:04:29.928513 | chatwoot Admin IframeLoader.vue cross site scripting. MEDIUM (4.3). A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-10-27T07:32:09.692Z; Updated: 2025-10-27T17:55:14.601Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-12245 | vulnerable | 2026-06-08 07:04:29.927129 | chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation. MEDIUM (5.3). A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-10-27T07:32:07.544Z; Updated: 2026-02-26T16:57:05.851Z | Imported from gcve-enriched-dumps CVE data |