Stored Cross-Site Scripting in Click2Magic by Click2Magic
CVE-2020-36931

5.1MEDIUM

Key Information:

Vendor: Click2magic
Status: Click2magic
Vendor: CVE Published:; 25 January 2026

🔔 Create Click2magic Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-36931?

Click2Magic 1.1.5 is vulnerable to stored cross-site scripting, enabling attackers to inject harmful scripts into the chat name input field. By crafting a malicious payload, an attacker can manipulate data that may lead to the capture of administrator cookies when the admin interacts with user requests. This vulnerability poses a serious risk to web application security within the affected software, representing a vector for session hijacking and unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Click2Magic 0 <= 1.1.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-36931 - Proof of Concept

References

https://www.exploit-db.com/exploits/49347

exploit

https://www.click2magic.com/user/agent/index

product

https://www.click2magic.com

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

🟡
Public PoC available
Jan 25, 2026
👾
Exploit known to exist
Jan 25, 2026
Vulnerability published
Jan 25, 2026
Vulnerability Reserved
Jan 23, 2026

Credit

Shivam Verma(cyb3r_n3rd)

JSON

Click2magic