11 matches found
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...
EUVD-2021-20187
Malware in sbrugna...
EUVD-2021-20186
Malware in sbrugna...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33484
OnyakTech Comments Pro 3.8 is affected in its CommentsService.ashx. An attacker can decompile the installer to find a hardcoded IV used to encrypt usernames and user IDs in the comment POST request, and can decrypt the encryption key by setting the encrypted value as the username, revealing the d...
CVE-2021-33483
OnyakTech Comments Pro 3.8 contains a Cross-Site Scripting (XSS) vulnerability in CommentsService.ashx, where the comment posting functionality accepts a JSON payload that can carry an XSS payload. When users view the page with the affected comment, the attacker-controlled script can execute in t...
OnyakTech Comments Pro Cross-Site Scripting Vulnerability
OnyakTech Comments Pro has been building DNN modules since 2003. A cross-site scripting vulnerability exists in OnyakTech Comments Pro, which stems from the comment function in the product's CommentsService.ashx page not securely validating JSON requests. The vulnerability can be exploited to...