CVE-2020-28927

Name of the Vulnerable Software and Affected Versions Magicpin version 2.1

Description The issue is a Stored XSS in the User Registration section. When an admin visits the manage user section from the admin panel, the XSS triggers, allowing an attacker to steal cookies based on a crafted payload.

Recommendations For Magicpin version 2.1, as a temporary workaround, consider restricting access to the User Registration section and the manage user section from the admin panel until a patch is available. Avoid using the potentially vulnerable user registration functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.