CVE-2021-3741

Published Nov 15, 2024

Last updated 2 days ago

CVSS high 7.8

Overview

Description
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malicious XSS payload in the profile settings. When the avatar is opened in a new page, the custom JavaScript code is executed, leading to potential security risks.
Source
security@huntr.dev
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
7.8
Impact score
6
Exploitability score
1.2
Vector string
CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:H
Severity
HIGH

Weaknesses

security@huntr.dev
CWE-79

Social media

Hype score
Not currently trending

References