VYPR
Vendor

Magicpin

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2022-31447HigJun 14, 2022
    risk 0.49cvss 7.5epss 0.01

    An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.

  • CVE-2020-28927MedNov 23, 2020
    risk 0.40cvss 6.1epss 0.01

    There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.