
Fpatrik

#21452 of 53,630
11.4 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2025-43902
5.3
2025-10-27
Chatwoot · Chatwoot · CVE-2025-12245
**Name of the Vulnerable Software and Affected Versions**
Chatwoot versions prior to 4.7.0

**Description**
An origin validation error exists in Chatwoot. The issue is located in the `initPostMessageCommunication` function of the `app/javascript/sdk/IFrameHelper.js` file, part of the Widget component. Manipulation of the `baseUrl` argument can trigger this flaw. Remote exploitation is possible.

**Recommendations**
Update to a version of Chatwoot greater than 4.7.0.
PT-2025-43903
6.1
2025-10-27
Chatwoot · Chatwoot · CVE-2025-12246
**Name of the Vulnerable Software and Affected Versions**
Chatwoot versions up to 4.7.0

**Description**
A security flaw exists in Chatwoot affecting the Admin Interface component, specifically within the `app/javascript/shared/components/IframeLoader.vue` file. Manipulation of the `Link` argument can lead to cross-site scripting. The attack can be executed remotely. The vendor was contacted regarding this issue but did not respond.

**Recommendations**
Versions prior to 4.7.0 should be updated.