Vulnerabilities (CVE)

Filtered by vendor Karma Project Subscribe
Filtered by product Karma
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0437 1 Karma Project 1 Karma 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
CVE-2021-23495 1 Karma Project 1 Karma 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.