PT-2025-39845 · Tawkto · Tawk.To
Jainil Borisagar +1 · Published 2025-09-29 · Updated 2025-12-23 · CVE-2025-57483
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
tawk.to chatbox widget version 4
Description
A reflected cross-site scripting (XSS) issue exists in tawk.to chatbox widget version 4. It allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into a vulnerable parameter. The attack vector involves manipulating input to achieve this execution.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Tawk.To