CVE-2020-36931

Name of the Vulnerable Software and Affected Versions Click2Magic version 1.1.5

Description The software contains a stored cross-site scripting issue that allows attackers to inject malicious scripts through the chat name input. An attacker can create a malicious payload within the chat name to obtain administrator cookies when the administrator handles user requests. The vulnerable input is the chat name. The attack involves capturing administrator cookies.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the chat name field to prevent script injection.