CVE-2022-3333: Zephyr Project Manager REST Call cross site scripting
First published: Wed Sep 28 2022(Updated: )
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dylan James Zephyr Project Manager | <3.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-3333?
CVE-2022-3333 is classified as a problematic vulnerability.
How does CVE-2022-3333 affect the Zephyr Project Manager?
CVE-2022-3333 allows for cross-site scripting due to improper handling of arguments in the REST Call Handler.
Which versions of Zephyr Project Manager are affected by CVE-2022-3333?
CVE-2022-3333 affects Zephyr Project Manager versions up to 3.2.4.
How do I fix CVE-2022-3333?
To mitigate CVE-2022-3333, upgrade Zephyr Project Manager to version 3.2.5 or later.
What component is involved in CVE-2022-3333?
CVE-2022-3333 involves the REST Call Handler component of the Zephyr Project Manager.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/weakness
- agent/remedy
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zephyr-one
- canonical/dylan james zephyr project manager