CNNVD-202510-2628 Information

CNNVD ID

CNNVD-202510-2628

Related CVE

CVE-2025-8349

• CNNVD Published: 2025-10-20

Description (Chinese)

tawk.to Tawk Live Chat是美国tawk.to公司的一款在线聊天软件。 Tawk Live Chat存在跨站脚本漏洞，该漏洞源于存储PDF文件时未正确清理JavaScript代码，可能导致存储型跨站脚本攻击。

Description (English)

Tawk.to Tawk Live Chat is an online chat software for the United States company Tawk.to. Tawk Live Chat has a cross-site script loophole, which stems from the incorrect clean-up of JavaScript code while storing PDF files, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

tawk.to

Published

2025-10-20

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-stored-tawk-live-chat