Jainil-89

**Name of the Vulnerable Software and Affected Versions** tawk.to chatbox widget version 4 **Description** A reflected cross-site scripting (XSS) issue exists in tawk.to chatbox widget version 4. This allows attackers to execute arbitrary Javascript in the context of a user’s browser by injecting a crafted payload into a vulnerable parameter. The attack vector involves manipulating input to achieve this execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.