Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22733

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00394EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/27 12:19 a.m.11 views

CVE-2025-45960

Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...

6.1CVSS7.6AI score0.00394EPSS
Exploits1References1
OSV
OSV
added 2025/07/25 5:15 p.m.5 views

CVE-2025-45960

Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...

6.1CVSS6.2AI score0.00394EPSS
Exploits1References2
NVD
NVD
added 2025/07/25 5:15 p.m.6 views

CVE-2025-45960

Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...

6.1CVSS0.00394EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.6 views

PT-2025-30900 · Unknown · Tawk.To Live Chat

Name of the Vulnerable Software and Affected Versions: tawk.to Live Chat version 1.6.1 Description: A Cross Site Scripting issue exists in tawk.to Live Chat. The web application stores and displays user-supplied input without proper input validation or encoding, potentially allowing a remote...

6.1CVSS6.8AI score0.00394EPSS
Exploits1References4
CVE
CVE
added 2025/07/25 12:0 a.m.18 views

CVE-2025-45960

CVE-2025-45960 – tawk.to Live Chat v1.6.1 exposes a cross-site scripting vulnerability where user-supplied input is not properly validated or encoded in the web app, allowing a remote attacker to execute arbitrary code. The CVE entry and multiple sources (Red Hat, NVD, CVE List) confirm the issue...

6.1CVSS7.5AI score0.00394EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/25 12:0 a.m.5 views

CVE-2025-45960

Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding...

7.5AI score0.00394EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.5 views

tawk.to Live Chat 安全漏洞

tawk.to Live Chat is an online chat software from the US-based company tawk.to. A security vulnerability exists in tawk.to Live Chat version 1.6.1, which stems from insufficient input validation and could lead to cross-site scripting...

6.1CVSS6.2AI score0.00394EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/08/15 12:0 a.m.11 views

WordPress Tawk.To Live Chat Plugin < 0.6.0 Broken Access Control Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tawk:tawk.tolivechat"; if description...

8CVSS8AI score0.00519EPSS
Exploits2References1
CNVD
CNVD
added 2021/12/09 12:0 a.m.15 views

WordPress Tawk.To Live Chat plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress Tawk.To Live Chat plugin in versions prior to 0.6.0 suffers from a cross-site request forgery...

8CVSS2AI score0.00519EPSS
Exploits2References1
NVD
NVD
added 2021/12/06 4:15 p.m.9 views

CVE-2021-24914

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the...

8CVSS0.00519EPSS
Exploits2References1
Prion
Prion
added 2021/12/06 4:15 p.m.10 views

Cross site request forgery (csrf)

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in the tawktosetwidget and tawktoremovewidget AJAX actions, available to any authenticated user. The first one allows low-privileged users including simple subscribers to change the...

6CVSS7.7AI score0.00519EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/12/06 12:0 a.m.2 views

PT-2021-16364 · WordPress · Tawk.To Live Chat

Name of the Vulnerable Software and Affected Versions: Tawk.To Live Chat WordPress plugin versions prior to 0.6.0 Description: The issue concerns the lack of capability and CSRF checks in the tawkto setwidget and tawkto removewidget AJAX actions, which are available to any authenticated user. Thi...

8CVSS7.6AI score0.00519EPSS
Exploits2References4
Rows per page
Query Builder