HomeCVE-2020-36931

CVE-2020-36931

MEDIUM
5.1CVSS
Published: 2026-01-25
Updated: 2026-01-26
AI Analysis

Description

Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.

CVSS Metrics

Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
network
Complexity
low
Privileges
low
User Action
passive
Confidentiality
undefined
Integrity
undefined
Availability
undefined
Weaknesses
CWE-79

Metadata

Primary Vendor
UNKNOWN
Published
1/25/2026
Last Modified
1/26/2026
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

No affected products information available.

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2020-36931 | MEDIUM Severity | CVEDatabase.com | CVEDatabase.com