CVE-2022-24967: 
Homebrew vulnerability analysis and mitigation

Black Rainbow NIMBUS before version 3.7.0 was discovered to contain a stored Cross-site Scripting (XSS) vulnerability. The vulnerability was discovered on January 26, 2022, and was assigned CVE-2022-24967. The affected software is the NIMBUS platform, specifically version 3.4.0 and earlier versions (CERT XLM, MITRE CVE).

The vulnerability allows attackers to store JavaScript payloads that execute when other users interact with the application. The CVSS v3.1 score for this vulnerability is 6.5, with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts to confidentiality, integrity, and availability (CERT XLM).

When exploited, this vulnerability enables attackers to perform actions on behalf of other users, exfiltrate data, conduct network discovery operations, and execute requests against other web applications from the victim's browser (CERT XLM).

The vulnerability has been patched in NIMBUS version 3.7.0. Users are advised to upgrade to this version or later to mitigate the risk (CERT XLM, Black Rainbow).