Skip to main content

Magicpin

2 CVEs product

Monthly

CVE-2022-31447 HIGH POC This Week

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Magicpin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-28927 MEDIUM POC This Month

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Magicpin
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 1% CVSS 7.5
HIGH POC This Week

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Magicpin
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

There is a Stored XSS in Magicpin v2.1 in the User Registration section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Magicpin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy