exploitDog

CVE-2021-33483

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.

Ссылки

https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html
Exploit
Third Party Advisory
https://twitter.com/onyaktech
Third Party Advisory
https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html
Exploit
Third Party Advisory
https://twitter.com/onyaktech
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:onyaktech_comments_pro_project:onyaktech_comments_pro:3.8:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00185

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m4jf-3r59-83j5

github

больше 3 лет назад

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.

EPSS

Процентиль: 40%

0.00185

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79