CVE-2026-4765 in Tallos Chatthông tin

Tóm tắt

Bởi MITRE • 13/07/2026

Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the conversation, the malicious script also executes in their browser, increasing the impact. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of the application.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

chịu trách nhiệm

INCIBE

Đặt trước

24/03/2026

Tiết lộ

13/07/2026

Kiểm duyệt

được chấp nhận

EPSS

0.00000

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you want to use VulDB in your project?

Use the official API to access entries easily!