Karma Security Vulnerabilities

CVE-2024-34695

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously...

CVE-2022-37602

Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in...

CVE-2021-23495

The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query...

CVE-2022-0437

Cross-site Scripting (XSS) - DOM in NPM karma prior to...

CVE-2020-7626

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config...

CVE-2018-18399

SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id"...

CVE-2008-6276

Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API...

CVE-2008-6275

Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified...