Skip to main content

Tallos Chat EUVDEUVD-2026-43337

| CVE-2026-4765 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-13 INCIBE
5.1
CVSS 4.0 · Vendor: INCIBE
Share

Severity by source

Vendor (INCIBE) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.1 MEDIUM

Stored XSS executes in support agent's browser (scope change S:C); no privileges or special conditions required beyond initiating a public chat session.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (INCIBE).

CVSS VectorVendor: INCIBE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:30 vuln.today

DescriptionCVE.org

Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the conversation, the malicious script also executes in their browser, increasing the impact. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of the application.

AnalysisAI

Stored XSS in Tallos Chat (RD Station Conversas) allows unauthenticated attackers to inject persistent malicious JavaScript via the 'name' parameter during chat session initialization. The payload executes not only in the initiating visitor's browser but also in the browser of any support agent who joins the conversation, expanding the attack surface to privileged operator sessions within the platform. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Access public Tallos Chat widget
Delivery
Submit XSS payload as chat 'name' field
Exploit
Payload persists in chat backend
Execution
Support agent opens conversation
Persist
Malicious script executes in agent browser
Impact
Exfiltrate session token or credentials

Vulnerability AssessmentAI

Exploitation The attacker must be able to initiate a new Tallos Chat session via the publicly accessible chat widget, which the CVSS vector (PR:N) indicates requires no authentication. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.1 (Medium, vector AV:N/AC:L/AT:N/PR:N/UI:A) reflects that exploitation requires no privileges and is network-accessible, but mandates active user interaction (UI:A) - specifically, a support agent joining the chat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker visits a business's website and initiates a Tallos Chat session, entering a JavaScript payload such as a cookie-stealing script as their display name. The payload is stored by the chat backend and renders silently. …
Remediation No vendor-released patch or specific fixed version has been independently confirmed from the available data; organizations should contact RD Station Conversas directly and monitor the INCIBE advisory for patch release information: https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-tallos-chat-rd-station-conversas. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy