CVE-2021-3742

HIGH Year: 2021
CVSS v3 Score
7.9
High
Weakness Type
CWE-918
View all →

Vulnerability Description

A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.

Related Vulnerabilities

CVE-2025-22399

HIGH
CVSS:7.9(High)

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Se...

CWE-9182025

CVE-2017-1000139

HIGH
CVSS:8.0(High)

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked ag...

CWE-9182017

CVE-2022-3841

HIGH
CVSS:7.8(High)

RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (R...

CWE-9182022

CVE-2023-42361

HIGH
CVSS:7.8(High)

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via ...

CWE-9182023

CVE-2017-16870

HIGH
CVSS:8.1(High)

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that ...

CWE-9182017

CVE-2017-6201

HIGH
CVSS:8.1(High)

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access contr...

CWE-9182017