Vulnerabilities in chatwoot
17 results

CVE | Severity | Title | EPSS
CVE-2022-1022 | HIGH | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot | 4.5%
CVE-2021-3649 | HIGH | Inefficient Regular Expression Complexity in chatwoot/chatwoot | 1.2%
CVE-2021-3813 | MEDIUM | Improper Privilege Management in chatwoot/chatwoot | 1.1%
CVE-2022-3741 | CRITICAL | Improper Restriction of Excessive Authentication Attempts in chatwoot/chatwoot | 0.9%
CVE-2022-0526 | HIGH | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot | 0.8%
CVE-2022-0527 | MEDIUM | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot | 0.8%
CVE-2022-0542 | HIGH | Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot | 0.8%
CVE-2025-21628 | CRITICAL | Chatwoot has a Blind SQL-injection in Conversation and Contacts filters | 0.6%
CVE-2022-1021 | HIGH | Insecure Storage of Sensitive Information in chatwoot/chatwoot | 0.6%
CVE-2022-2901 | HIGH | Improper Authorization in chatwoot/chatwoot | 0.5%
CVE-2021-3742 | HIGH | Server-Side Request Forgery (SSRF) in chatwoot/chatwoot | 0.4%
CVE-2023-2109 | MEDIUM | Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot | 0.4%
CVE-2026-44707 | MEDIUM | Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts | 0.3%
CVE-2021-3741 | HIGH | Stored Cross-site Scripting (XSS) in chatwoot/chatwoot | 0.3%
CVE-2024-0640 | MEDIUM | Stored XSS in chatwoot/chatwoot | 0.2%
CVE-2026-44706 | HIGH | Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values | 0.2%
CVE-2021-3740 | MEDIUM | Session Fixation in chatwoot/chatwoot | 0.2%