Chatwoot: >> Chatwoot >> 3.16.0 Security Vulnerabilities
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-27
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-27