CVE-2025-57483

HIGH

tawk.to chatbox widget v4 - Reflected Cross-Site Scripting via Vulnerable Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-57483. PoCs published by Jainil-89.

AI-analyzed exploit summary: This repository contains a detailed writeup for CVE-2025-57483, a Cross-Site Scripting (XSS) vulnerability in the tawk.to Live Chat Support widget (version v4.x). The writeup includes technical details such as the affected product, CVSS scoring, and steps to reproduce the vulnerability.

Description

A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary JavaScript in the context of the user's browser by injecting a crafted payload into the vulnerable parameter.

Exploits (1)

nomisec · WRITEUP · 1 star
by Jainil-89 · poc
https://github.com/Jainil-89/CVE

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: tawk.to Live Chat Support Widget v4.x
Authentication: No auth needed
Prerequisites: Access to a vulnerable tawk.to chat widget · Ability to inject malicious input into the chat
MITRE ATT&CK
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 8.1
EPSS 0.0027
EPSS Percentile 18.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Sep 29, 2025
Tracked Since Feb 18, 2026