Chatwoot

2 CVEs product

CVE-2024-0640 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.

XSS Chatwoot
NVD GitHub
CVSS 3.1: 4.8
EPSS: 0.1%

CVE-2025-21628 CRITICAL PATCH This Week

Chatwoot is a customer engagement suite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable with low attack complexity. This SQL injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Chatwoot
NVD GitHub
CVSS 3.1: 9.1
EPSS: 0.5%
