{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T02:49:42.453","vulnerabilities":[{"cve":{"id":"CVE-2020-28927","sourceIdentifier":"cve@mitre.org","published":"2020-11-23T20:15:12.900","lastModified":"2024-11-21T05:23:18.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload."},{"lang":"es","value":"Se presenta una vulnerabilidad de tipo XSS almacenado en Magicpin versión v2.1 en la sección User Registration. Cada vez que un administrador visita la sección manage user desde el panel de administración, el XSS se activa y el atacante puede robar la cookie de acuerdo con la carga útil diseñada"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magicpin:magicpin:2.1:*:*:*:*:*:*:*","matchCriteriaId":"A5F96F1F-58C3-4480-A118-E2D407BADA78"}]}]}],"references":[{"url":"https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bb","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://magicpin.in","source":"cve@mitre.org","tags":["Product"]},{"url":"https://akshayj0111.medium.com/cve-2020-28927-6f64c25239bb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://magicpin.in","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}