Tallos Chat
Monthly
Stored XSS in Tallos Chat (RD Station Conversas) allows unauthenticated attackers to inject persistent malicious JavaScript via the 'name' parameter during chat session initialization. The payload executes not only in the initiating visitor's browser but also in the browser of any support agent who joins the conversation, expanding the attack surface to privileged operator sessions within the platform. No public exploit code or active exploitation has been confirmed at time of analysis, and no EPSS data was provided.
Stored XSS in Tallos Chat (RD Station Conversas) allows unauthenticated attackers to inject persistent malicious JavaScript via the 'name' parameter during chat session initialization. The payload executes not only in the initiating visitor's browser but also in the browser of any support agent who joins the conversation, expanding the attack surface to privileged operator sessions within the platform. No public exploit code or active exploitation has been confirmed at time of analysis, and no EPSS data was provided.