Cross-Site Scripting (XSS) Vulnerability in OnyakTech Comments Pro 3.8

Cross-Site Scripting (XSS) Vulnerability in OnyakTech Comments Pro 3.8

CVE-2021-33483 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.

Learn more about our User Device Pen Test.