PT-2025-12020 · Chatwoot · Chatwoot
Published
2025-03-20
·
Updated
2025-10-28
·
CVE-2024-0640
CVSS v3.1
5.6
Medium
| Vector | AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
chatwoot/chatwoot versions 3.0.0 through 3.5.1
Description
A stored cross-site scripting (XSS) issue exists, allowing an admin user to inject malicious JavaScript code via the dashboard app settings. This code can then be executed by another admin user when they access the affected dashboard app.
Recommendations
For versions 3.0.0 through 3.5.1, update to version 3.5.2 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chatwoot