CVE-2021-33483

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
07/09/2021
Last modified:
13/09/2021

Description

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:onyaktech_comments_pro_project:onyaktech_comments_pro:3.8:*:*:*:*:*:*:*