VYPR
Vendor

OnyakTech

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2021-33484HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt…

  • CVE-2021-33483MedSep 7, 2021
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment.