Vulnerability Details CVE-2020-28927
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References