Tawkto · Tawk.To · CVE-2025-57483
**Name of the Vulnerable Software and Affected Versions**
tawk.to chatbox widget version 4
**Description**
A reflected cross-site scripting (XSS) vulnerability exists in tawk.to chatbox widget version 4. It allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into a vulnerable parameter. The attack vector is manipulated input supplied to that parameter.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.