Skip to main content

Tallos Chat

1 CVEs product

Monthly

CVE-2026-4765 MEDIUM This Month

Stored XSS in Tallos Chat (RD Station Conversas) allows unauthenticated attackers to inject persistent malicious JavaScript via the 'name' parameter during chat session initialization. The payload executes not only in the initiating visitor's browser but also in the browser of any support agent who joins the conversation, expanding the attack surface to privileged operator sessions within the platform. No public exploit code or active exploitation has been confirmed at time of analysis, and no EPSS data was provided.

XSS Tallos Chat
NVD
CVSS 4.0
5.1
EPSS
0.3%
EPSS 0% CVSS 5.1
MEDIUM This Month

Stored XSS in Tallos Chat (RD Station Conversas) allows unauthenticated attackers to inject persistent malicious JavaScript via the 'name' parameter during chat session initialization. The payload executes not only in the initiating visitor's browser but also in the browser of any support agent who joins the conversation, expanding the attack surface to privileged operator sessions within the platform. No public exploit code or active exploitation has been confirmed at time of analysis, and no EPSS data was provided.

XSS Tallos Chat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy