CVE-2021-3741

CVSS V2 None CVSS V3 None
Description
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks.
Overview
  • CVE ID
  • CVE-2021-3741
  • Assigner
  • @huntr_ai
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-15T10:51:22.667Z
  • Last Modified Date
  • 2024-11-15T10:57:14.846Z
History
Created Old Value New Value Data Type Notes
2024-11-16 12:04:14 Added to TrackCVE