Home

Description

Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding

PUBLISHED Reserved 2025-04-22 | Published 2025-07-25 | Updated 2025-07-25 | Assigner mitre

References

tawkto.com

github.com/pracharapol/CVE-2025-45960

cve.org (CVE-2025-45960)

nvd.nist.gov (CVE-2025-45960)

Download JSON