Onyaktech Comments Pro Security Vulnerabilities and Issues — Onyaktech Comments Pro CVE List

Lucene search

Onyaktech Comments Pro ProjectOnyaktech Comments Pro

1 matches found

CVE•added 2021/09/07 5:15 a.m.•33 views

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted encryp...

7.5CVSS7.4AI score0.00156EPSS