🔐 CVE Alert

CVE-2026-4765

UNKNOWN 0.0

Stored Cross-Site Scripting (XSS) in Tallos Chat by RD Station Conversas

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the conversation, the malicious script also executes in their browser, increasing the impact. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of the application.

CWE CWE-79
Vendor rd station conversas
Product tallos chat
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for rd station conversas tallos chat

Be the first to know when new unknown vulnerabilities affecting rd station conversas tallos chat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

RD Station Conversas / Tallos Chat
all versions

References

NVD ↗ CVE.org ↗ EPSS Data ↗
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-tallos-chat-rd-station-conversas

Credits

Leopoldo Angulo Gallego