nvd-json-data-feeds/CVE-2021/CVE-2021-334xx/CVE-2021-33483.json

{
  "id": "CVE-2021-33483",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-09-07T05:15:06.723",
  "lastModified": "2021-09-13T14:43:54.790",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en el archivo CommentsService.ashx en OnyakTech Comments Pro versi\u00f3n 3.8. La funcionalidad comment posting permite a un atacante a\u00f1adir una carga \u00fatil de tipo XSS a la petici\u00f3n JSON que ser\u00e1 ejecutada cuando los usuarios visiten la p\u00e1gina con el comentario"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:onyaktech_comments_pro_project:onyaktech_comments_pro:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C55DC5-EC59-4DD0-A331-7D4D9510AA7E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://burninatorsec.blogspot.com/2021/07/onyaktech-comments-pro-broken.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://twitter.com/onyaktech",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}