← Back

Magicpin

magicpin

Vendor: Magicpin • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-31447
1Magicpin
1Magicpin
Nov 21, 2024
Jun 14, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
CVE-2020-28927
1Magicpin
1Magicpin
Nov 21, 2024
Nov 23, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to...Show more
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.Show less