Primary

Context

Click2Magic Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Click2Magic version 1.1.5. This vulnerability allows attackers to inject malicious scripts into the chat name input. When an administrator processes user requests, the injected script is executed, enabling the attacker to capture the admin's cookies and potentially access user data.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the chat, such as an administrator.

Reproduction

To reproduce this vulnerability, start a new chat and enter a chat name that includes a script payload, such as a script tag linking to an external script source. Once the chat is saved, the script will execute when the administrator views the chat, allowing the attacker to capture the admin's cookies.

Added: Jan 25, 2026, 1:18 PM

Updated: Jan 25, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

7.3

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

7.3

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Click2Magic Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating