CVE-2025-8349

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVE-2025-8349

CVE-2025-8349 denotes a stored XSS in Tawk Live Chat. A malicious PDF with JavaScript uploaded via the chatbot is stored by the application and later rendered unsanitized to other users, enabling execution of arbitrary script (e.g., cookie theft) in the victim’s browser. Affected components inclu...

EUVD-2025-35044

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

Tawk Live Chat 跨站脚本漏洞

tawk.to Tawk Live Chat is an online chat software from the US company tawk.to. A cross-site scripting vulnerability exists in Tawk Live Chat that stems from not properly cleaning JavaScript code when storing PDF files, which could lead to a stored cross-site scripting attack...