Cross site scripting

2020-11-2320:15:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

CPENameOperatorVersion
magicpineq2.1

CPE	Name	Operator	Version
	magicpin	eq	2.1

References

akshayj0111.medium.com/cve-2020-28927-6f64c25239bb

magicpin.in