Home

Description

A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the vulnerable parameter.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-29 | Updated 2025-09-29 | Assigner mitre

References

ticketsmonk.com/events/details/412291

github.com/Jainil-89/CVE/blob/main/cve.md

cve.org (CVE-2025-57483)

nvd.nist.gov (CVE-2025-57483)

Download JSON