VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Stored XSS in chatwoot/chatwoot

CVE-2024-0640

Description

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard app. The issue is fixed in version 3.5.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Chatwoot/Chatwootllm-fuzzy2 versions
    >=3.0.0, <=3.5.1+ 1 more
    • (no CPE)range: >=3.0.0, <=3.5.1
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.