Skip to main content

Chatwoot CVE-2022-0542

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-08-19 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 19, 2022 - 18:15 nvd
MEDIUM 6.1

DescriptionNVD

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.

AnalysisAI

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. Affected products include: Chatwoot. Version information: prior to 2.7.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-3741 CRITICAL POC
9.8 Oct 28

Impact varies for each individual vulnerability in the application. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2021-3649 HIGH POC
7.5 Jul 16

chatwoot is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability

CVE-2022-2901 HIGH POC
7.1 Sep 06

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. Rated high severity (CVSS 7.1), this vulnera

CVE-2022-1021 MEDIUM POC
5.4 Aug 19

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. Rated medium severity (

CVE-2022-1022 MEDIUM POC
5.4 Apr 21

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0. Rated medium severity (CVSS 5

CVE-2024-0640 MEDIUM POC
4.8 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. Rated medium seve

CVE-2026-44706 HIGH
8.5 May 26

SQL injection in Chatwoot versions 2.2.0 through 4.11.1 allows any authenticated account user to execute arbitrary SQL v

CVE-2026-44707 MEDIUM
6.8 May 26

Pre-Account Takeover in Chatwoot's OmniAuth integration affects all releases from 2.14.0 through 4.12.x, allowing an att

CVE-2025-12246 LOW POC
2.1 Oct 27

Cross-site scripting (XSS) in Chatwoot up to version 4.7.0 allows remote attackers to inject malicious scripts via the L

CVE-2023-2109 MEDIUM
6.1 Apr 17

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0. Rated medium severity (CVSS 6.1

CVE-2026-4990 MEDIUM
5.5 Mar 27

Improper authorization in Chatwoot up to version 4.11.1 allows remote unauthenticated attackers to bypass authentication

CVE-2026-5205 LOW
2.1 Mar 31

Server-side request forgery (SSRF) in Chatwoot up to version 4.11.2 allows authenticated remote attackers to manipulate

Share

CVE-2022-0542 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy