CVE-2022-3333

Name of the Vulnerable Software and Affected Versions Zephyr Project Manager versions up to 3.2.4

Description A problematic issue was found in the REST Call Handler component, affecting an unknown function of the file /v1/tasks/create/. The manipulation of the onanimationstart argument leads to cross-site scripting. This issue can be exploited remotely.

Recommendations For Zephyr Project Manager versions up to 3.2.4, upgrade to version 3.2.5 to address this issue. As a temporary workaround, consider restricting access to the /v1/tasks/create/ API endpoint until the upgrade is applied.