An issue exists in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an malicious user to add an XSS payload to the JSON request that will execute when users visit the page with the comment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
onyaktech comments pro project onyaktech comments pro 3.8 |