Stored Cross-Site Scripting Vulnerability in RD Station Conversas Chat by RD Station
CVE-2026-4765
5.1MEDIUM
What is CVE-2026-4765?
A Stored Cross-Site Scripting (XSS) vulnerability exists in the RD Station Conversas chat application. The vulnerability is found in the 'name' parameter during the initialization process, resulting from improper sanitization of user input. This flaw allows an attacker to inject malicious scripts that can execute arbitrary JavaScript code within the application context. A significant risk arises as the script can also execute in the browsers of support agents who join the conversation, amplifying the potential impact of the attack.
Affected Version(s)
Tallos Chat Windows all versions
