CVE-2020-28927

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
magicpinmagicpin
2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bb
https://magicpin.in
https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bb
https://magicpin.in