CVE-2026-4765
Stored Cross-Site Scripting (XSS) in Tallos Chat by RD Station Conversas
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Stored Cross-Site Scripting (XSS) vulnerability in the RD Station Conversas chat. The vulnerability resides in the ‘name’ parameter of the initialization process due to improper sanitization of user input. The vulnerability is not limited to self-exploitation: when a support agent joins the conversation, the malicious script also executes in their browser, increasing the impact. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of the application.
| CWE | CWE-79 |
| Vendor | rd station conversas |
| Product | tallos chat |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for rd station conversas tallos chat
Be the first to know when new unknown vulnerabilities affecting rd station conversas tallos chat are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
RD Station Conversas / Tallos Chat
all versions
References
Credits
Leopoldo Angulo Gallego