RSS   Vulnerabilities for 'Magicpin'   RSS

2020-11-23
 
CVE-2020-28927

CWE-79
 

 
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

 


Copyright 2024, cxsecurity.com

 

Back to Top