CVE-2025-12246 | chatwoot up to 4.7.0 Admin Interface IframeLoader.vue Link cross site scripting

A vulnerability was found in chatwoot up to 4.7.0. It has been declared as problematic. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting.

This vulnerability is identified as CVE-2025-12246. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More