11 matches found
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...
EUVD-2021-20187
Malware in sbrugna...
EUVD-2021-20186
Malware in sbrugna...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...
CVE-2021-33483
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
CVE-2021-33484
OnyakTech Comments Pro 3.8 is affected in its CommentsService.ashx. An attacker can decompile the installer to find a hardcoded IV used to encrypt usernames and user IDs in the comment POST request, and can decrypt the encryption key by setting the encrypted value as the username, revealing the d...
CVE-2021-33483
OnyakTech Comments Pro 3.8 contains a Cross-Site Scripting (XSS) vulnerability in CommentsService.ashx, where the comment posting functionality accepts a JSON payload that can carry an XSS payload. When users view the page with the affected comment, the attacker-controlled script can execute in t...