Unknown · Click2Magic · CVE-2020-36931
**Name of the Vulnerable Software and Affected Versions**
Click2Magic version 1.1.5
**Description**
The software contains a stored cross-site scripting (XSS) issue that allows attackers to inject malicious scripts through the chat name input. An attacker can place a malicious payload in the chat name and use it to obtain administrator cookies when the administrator handles user requests.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the chat name field to prevent script injection.
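
One way to apply the workaround, as an added example that is not Click2Magic code: the chat name is normalized and bounded before it is stored, and HTML-encoded again when it is rendered in the administrator view. The function names, the 64-character limit and the table-cell markup are assumptions, and the sample names are constructed.

```javascript
// Added example, not Click2Magic code. All names and limits here are assumptions.
const MAX_NAME_LENGTH = 64; // assumed upper bound for a chat name

// Input side: normalize and bound the chat name before it is stored.
function normalizeChatName(raw) {
  if (typeof raw !== "string") throw new TypeError("chat name must be a string");
  const name = raw
    .normalize("NFKC")                      // fold compatibility forms (e.g. fullwidth '<') first
    .replace(/[\u0000-\u001F\u007F]/g, "")  // drop control characters
    .trim();
  if (name.length === 0 || name.length > MAX_NAME_LENGTH) {
    throw new RangeError("chat name length out of bounds");
  }
  return name;
}

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Output side: encode at render time, so a name stored before the fix is also neutralized.
function encodeForHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical admin-view fragment: the name appears in an attribute and in text.
function renderChatRow(storedName) {
  const safe = encodeForHtml(storedName);
  return `<td class="chat-name" title="${safe}">${safe}</td>`;
}

// Constructed sample names: plain, containing markup and quotes, containing '&' and "'".
const samples = ["Alice", '  Bob <b>"support"</b> ', "Tom & Jerry's"];
for (const s of samples) {
  console.log(renderChatRow(normalizeChatName(s)));
}
```

Encoding at output matters as much as filtering at input, because chat names already stored by the vulnerable version are still rendered to the administrator.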