216.73.217.24

CVE-2020-36931

· Published 25/01/2026 13:15 · Modified 26/01/2026 15:03

Labels: CVE-2020-36931 2026-01-25CVE-2020-36931CWE-79[email protected]

Essential information

Published
25/01/2026 13:15
Modified
26/01/2026 15:03
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
click2magic / click2magic cpe:2.3:a:click2magic:click2magic:1.1.5:*:*:*:*:*:*:*

References