
chatwoot

17 known vulnerabilities across versions
CVE-2025-12246  |  affected: <= 4.7.0  |  CVSS 4.3 (MEDIUM)
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript

CVE-2025-12245  |  affected: <= 4.7.0  |  CVSS 5.3 (MEDIUM)
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of th

CVE-2024-0640  |  affected: < 3.5.2  |  CVSS 4.8 (MEDIUM)
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows a

CVE-2025-21628  |  affected: >= 2.16.1 and < 3.16.0  |  CVSS 9.1 (CRITICAL)
Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of

CVE-2021-3742  |  affected: < 2.5.0  |  CVSS 8.8 (HIGH)
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The

CVE-2021-3741  |  affected: < 2.6.0  |  CVSS 5.4 (MEDIUM)
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vu

CVE-2021-3740  |  affected: < 2.4.0  |  CVSS 6.8 (MEDIUM)
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing

CVE-2023-2109  |  affected: < 2.14.0  |  CVSS 6.1 (MEDIUM)
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0.

CVE-2022-3741  |  affected: < 2.10.0  |  CVSS 9.8 (CRITICAL)
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on t

CVE-2022-2901  |  affected: < 2.8.0  |  CVSS 7.1 (HIGH)
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.

CVE-2022-0542  |  affected: < 2.7.0  |  CVSS 6.1 (MEDIUM)
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.

CVE-2022-1021  |  affected: < 2.6.0  |  CVSS 5.4 (MEDIUM)
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.

CVE-2022-1022  |  affected: < 2.5.0  |  CVSS 5.4 (MEDIUM)
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0.

CVE-2021-3813  |  affected: <= 2.1.1  |  CVSS 6.5 (MEDIUM)
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.

CVE-2022-0527  |  affected: <= 2.1.1  |  CVSS 6.1 (MEDIUM)
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.

CVE-2022-0526  |  affected: <= 2.1.1  |  CVSS 6.1 (MEDIUM)
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.

CVE-2021-3649  |  affected: < 1.18.0  |  CVSS 7.5 (HIGH)
chatwoot is vulnerable to Inefficient Regular Expression Complexity
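The practical question for anyone running Chatwoot is which of the ranges above include the version actually deployed. The script below is an added example, not code from this listing or from the Chatwoot project: it copies the affected-version ranges exactly as printed above into a table and uses Ruby's Gem::Version (Chatwoot is a Rails application, so Ruby is already on the host) so that 3.5.1 sorts below 3.16.0 and 2.6 equals 2.6.0, which a plain string comparison gets wrong. The range syntax it parses (`<`, `<=`, `>=`, `>`, `=`, clauses joined by `and`) is assumed from the listing; anything else is rejected rather than silently treated as "not affected". Confirm a hit against the advisory itself before acting on it.

```ruby
# Added example: match an installed Chatwoot version against the
# affected-version ranges printed in the listing above.
# Assumption: ranges use the listing's syntax ("<= 4.7.0", ">= 2.16.1 and < 3.16.0").
require 'rubygems' # Gem::Version gives proper numeric segment comparison

# Affected-version ranges copied verbatim from the listing above.
CHATWOOT_ADVISORIES = {
  'CVE-2025-12246' => '<= 4.7.0',
  'CVE-2025-12245' => '<= 4.7.0',
  'CVE-2024-0640'  => '< 3.5.2',
  'CVE-2025-21628' => '>= 2.16.1 and < 3.16.0',
  'CVE-2021-3742'  => '< 2.5.0',
  'CVE-2021-3741'  => '< 2.6.0',
  'CVE-2021-3740'  => '< 2.4.0',
  'CVE-2023-2109'  => '< 2.14.0',
  'CVE-2022-3741'  => '< 2.10.0',
  'CVE-2022-2901'  => '< 2.8.0',
  'CVE-2022-0542'  => '< 2.7.0',
  'CVE-2022-1021'  => '< 2.6.0',
  'CVE-2022-1022'  => '< 2.5.0',
  'CVE-2021-3813'  => '<= 2.1.1',
  'CVE-2022-0527'  => '<= 2.1.1',
  'CVE-2022-0526'  => '<= 2.1.1',
  'CVE-2021-3649'  => '< 1.18.0',
}.freeze

# One constraint: an operator followed by a dotted numeric version.
CONSTRAINT_RE = /\A(<=|>=|<|>|=)\s*(\d+(?:\.\d+)*)\z/

# Parse "<= 4.7.0" or ">= 2.16.1 and < 3.16.0" into [[op, Gem::Version], ...].
# Unknown syntax raises instead of being misread as "unaffected".
def parse_range(range)
  range.split(/\s+and\s+/).map do |clause|
    m = CONSTRAINT_RE.match(clause.strip)
    raise ArgumentError, "unparseable constraint: #{clause.inspect}" unless m
    [m[1], Gem::Version.new(m[2])]
  end
end

# True when `version` satisfies every clause of `range`.
def affected?(version, range)
  v = Gem::Version.new(version)
  parse_range(range).all? do |op, bound|
    case op
    when '<'  then v < bound
    when '<=' then v <= bound
    when '>'  then v > bound
    when '>=' then v >= bound
    when '='  then v == bound
    end
  end
end

# CVE identifiers from the listing whose range covers `version`, in listing order.
def applicable_cves(version, advisories = CHATWOOT_ADVISORIES)
  advisories.select { |_cve, range| affected?(version, range) }.keys
end

if __FILE__ == $PROGRAM_NAME
  ver = ARGV.first || '3.5.1' # sample input if no version is given on the command line
  hits = applicable_cves(ver)
  puts "Chatwoot #{ver}: #{hits.size} listed CVE(s) apply"
  hits.each { |cve| puts "  #{cve}  (affected: #{CHATWOOT_ADVISORIES[cve]})" }
end
```

Run it as `ruby chatwoot_cves.rb 3.5.1` with the version string your deployment reports; for 3.5.1 it returns the two 4.7.0 advisories plus CVE-2024-0640 and CVE-2025-21628, and for 4.7.1 it returns nothing from this listing.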
threatengine.sh