PT-2025-12020 · Chatwoot · Chatwoot
Publicado
2025-03-20
·
Atualizado
2025-10-28
·
CVE-2024-0640
CVSS v3.1
5.6
Média
| Vetor | AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
chatwoot/chatwoot versions 3.0.0 through 3.5.1
Description
A stored cross-site scripting (XSS) issue exists, allowing an admin user to inject malicious JavaScript code via the dashboard app settings. This code can then be executed by another admin user when they access the affected dashboard app.
Recommendations
For versions 3.0.0 through 3.5.1, update to version 3.5.2 to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Chatwoot