Five9
Products
2- 3 CVEs
- 2 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15509 | Cri | 0.64 | 9.8 | 0.02 | Mar 18, 2019 | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | ||
| CVE-2018-15508 | Hig | 0.49 | 7.5 | 0.02 | Mar 21, 2019 | Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2). | ||
| CVE-2025-11829 | Med | 0.42 | 6.4 | 0.00 | Nov 11, 2025 | The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible… | ||
| CVE-2025-8349 | Med | 0.34 | — | 0.00 | Oct 20, 2025 | Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and… | ||
| CVE-2025-45960 | 0.00 | — | 0.00 | Jul 25, 2025 | Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding |
- risk 0.64cvss 9.8epss 0.02
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
- risk 0.49cvss 7.5epss 0.02
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2).
- risk 0.42cvss 6.4epss 0.00
The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping. This makes it possible…
- risk 0.34cvss —epss 0.00
Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and…
- CVE-2025-45960Jul 25, 2025risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding