Primary

Context

Samsung MagicInfo 9 Server Stored Cross-Site Scripting Vulnerability Allowing Account Takeover

Vulnerability

A stored cross-site scripting vulnerability has been identified in Samsung MagicInfo 9 Server versions prior to 21.1090.1. This issue allows authorized users to upload HTML files without proper authentication, potentially leading to account takeover.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, with the potential for account takeover.

Remediation

Users can update to the latest version of MagicInfo 9 Server to address this vulnerability. Instructions for checking and applying software updates are available on the Samsung website.

Added: Feb 2, 2026, 5:18 AM

Updated: Feb 2, 2026, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

6.4

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

6.4

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung MagicInfo 9 Server Stored Cross-Site Scripting Vulnerability Allowing Account Takeover

Vulnerability

Impact

Remediation

Affected Products

Samsung MagicInfo9 Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating