A cross-site scripting vulnerability exists in versions of Zephyr Project Manager prior to 3.2.5, which stems from the lack of effective filtering and escaping of user-supplied data in the onanimationstart parameter, which can be exploited by attackers to leading to cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
zephyr project zephyr project manager | lt | 3.2.5 |