CVE-2021-3741 – Chatwoot Chatwoot Stored XSS Vulnerability

CVE ID : CVE-2021-3741

Published : Nov. 15, 2024, 11:15 a.m. | 1 hour, 11 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2021-3741

Published : Nov. 15, 2024, 11:15 a.m. | 1 hour, 11 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…