CVE-2021-33483

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
onyaktech_comments_pro_projectonyaktech_comments_pro
3.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html
https://twitter.com/onyaktech
https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html
https://twitter.com/onyaktech