cve/2021/CVE-2021-33483.md

### [CVE-2021-33483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33483)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.

### POC

#### Reference
- https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-33483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33483)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.`

			`### POC`

			`#### Reference`
			`- https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html`

			`#### Github`
			`No PoCs found on GitHub currently.`