CNNVD-202510-3611 Information
CNNVD ID
CNNVD-202510-3611
Related CVE
- CNNVD Published: 2025-10-27
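Description (translated from Chinese)
Chatwoot is an application from the Chatwoot open-source project: a customer engagement suite and an open-source alternative to Intercom, Zendesk, Salesforce Service Cloud and similar products. Chatwoot 4.7.0 and earlier contain a code injection vulnerability caused by improper handling of the Link parameter in the file app/javascript/shared/components/IframeLoader.vue, which may lead to cross-site scripting.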
Description (English)
Chatwoot is an open-source customer engagement suite, an alternative to Intercom, Zendesk, Salesforce Service Cloud, etc. Chatwoot 4.7.0 and previous versions have a code injection vulnerability, which stems from improper handling of the parameter Link in the file app/javascript/shared/components/IframeLoader.vue and could result in a cross-site scripting attack.
Hazard Level
High
Vulnerability Type
Code injection
Affected Vendor
Chatwoot
Published
2025-10-27
Last Modified
2026-02-24
References
- https://hckwr.com/blog/multiple-vulnerabilities-in-chatwoot/
- https://vuldb.com/?ctiid.329917
- https://vuldb.com/?id.329917
- https://vuldb.com/?submit.673801