CVE-2021-33483
OnyakTech Comments Pro 3.8 contains a Cross-Site Scripting (XSS) vulnerability in CommentsService.ashx, where the comment posting functionality accepts a JSON payload that can carry an XSS payload. When users view the page with the affected comment, the attacker-controlled script can execute in t...