PT-2021-20146 · Onyaktech · Onyaktech Comments Pro
Burninator · Published 2021-09-07 · Updated 2021-09-13 · CVE-2021-33483
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OnyakTech Comments Pro version 3.8
Description
An issue in CommentsService.ashx allows an attacker to include an XSS payload in the JSON request that posts a comment. The payload is stored with the comment and executes in the browser of any user who visits the page on which that comment is displayed. This affects the comment posting functionality.
Recommendations
For OnyakTech Comments Pro version 3.8, consider disabling the comment posting functionality in CommentsService.ashx until a patch is available to prevent the addition of XSS payloads to JSON requests.
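The root cause described above is comment text that arrives as JSON and is placed into the page as markup without encoding. The following is an added example (not code from the advisory or from OnyakTech) of the defensive rendering a site owner would want on the page that displays comments: every untrusted field from the JSON is HTML-encoded before it is concatenated into markup, and a coarse pre-storage check flags bodies that contain tags at all. The field names `author` and `body` and the sample JSON are constructed assumptions, not the real Comments Pro format.

```javascript
// Added example, not from the advisory or the vendor. Field names and the
// sample payload are constructed assumptions about the comment JSON.

// Minimal HTML entity encoder for text placed inside an element body.
// Encoding on output is the primary defence against stored XSS.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Parse a JSON array of comments and build HTML for display. Every value
// taken from the JSON passes through escapeHtml; nothing untrusted is
// concatenated raw into the markup.
function renderCommentsHtml(jsonText) {
  const comments = JSON.parse(jsonText);
  if (!Array.isArray(comments)) {
    throw new TypeError("expected a JSON array of comments");
  }
  return comments
    .map((c) => {
      const author = escapeHtml(c.author ?? "anonymous");
      const body = escapeHtml(c.body ?? "");
      return `<div class="comment"><b>${author}</b>: <span>${body}</span></div>`;
    })
    .join("\n");
}

// Coarse server-side check usable before a comment is stored: true when the
// text contains something that looks like an HTML tag. It is a logging or
// rejection aid, not a substitute for output encoding (it deliberately does
// not flag a bare "<" used as a comparison sign in ordinary prose).
function containsMarkup(text) {
  return /<\/?[a-z!]/i.test(String(text));
}

// Constructed sample of what a comment feed carrying a stored XSS payload
// could look like; the second entry is the hostile one.
const SAMPLE_JSON = JSON.stringify([
  { author: "alice", body: "Nice post! 2 < 3" },
  { author: "<b>mallory</b>", body: "<script>alert(1)</script>" },
]);

// Stand-alone demonstration: the rendered HTML contains no live tags.
console.log(renderCommentsHtml(SAMPLE_JSON));
```

The rendered output for the hostile entry becomes `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser shows as literal text rather than executing. `containsMarkup` is only a signal for monitoring or rejecting submissions; because it can be bypassed by encodings it does not understand, the encoding in `renderCommentsHtml` is what actually prevents the script from running.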
Affected Products: Onyaktech Comments Pro