Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

karma

Source -

CNANVD

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2021-23495
Assigner-Snyk
ShareView Details
Assigner-Snyk
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 20:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect

The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Action-Not Available
Vendor-karma_projectn/a
Product-karmakarma
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-0437
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-9.27% / 92.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2022 | 01:50
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - DOM in karma-runner/karma

Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.

Action-Not Available
Vendor-karma_projectkarma-runner
Product-karmakarma-runner/karma
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18399
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 78.03%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.

Action-Not Available
Vendor-jcon/a
Product-karman/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')