CVE-2020-28927 — MEDIUM (6.1)

Vulnerability Description

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Magicpin	Magicpin	2.1

Related Weaknesses (CWE)

CWE-79

References

https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bbExploitThird Party Advisory
https://magicpin.inProduct
https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bbExploitThird Party Advisory
https://magicpin.inProduct

FAQ

What is CVE-2020-28927?

CVE-2020-28927 is a vulnerability with a CVSS score of 6.1 (MEDIUM). There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the...

How severe is CVE-2020-28927?

CVE-2020-28927 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28927?

Check the references section above for vendor advisories and patch information. Affected products include: Magicpin Magicpin.