Exposure of Chatwoot
Live chat23
exposure score
4,378
sites use
0
exploited
1
critical
CVEs
7 resultsCVE-2025-21628CRITICALChatwoot has a Blind SQL-injection in Conversation and Contacts filtersEPSS 0.6%CVE-2026-4990MEDIUMchatwoot Signup Endpoint login improper authorizationEPSS 0.4%CVE-2026-44707MEDIUMChatwoot: Pre-Account Takeover via OAuth on Unconfirmed AccountsEPSS 0.3%CVE-2025-12246MEDIUMchatwoot Admin IframeLoader.vue cross site scriptingEPSS 0.3%CVE-2025-12245MEDIUMchatwoot Widget IFrameHelper.js initPostMessageCommunication origin validationEPSS 0.3%CVE-2026-44706HIGHChatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute ValuesEPSS 0.2%CVE-2026-5205MEDIUMchatwoot Webhook API trigger.rb Trigger server-side request forgeryEPSS 0.2%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →