WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously...
CVSS: 6.3 | AI Score: 6.1 | EPSS: 0.0004
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query...
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001
CVSS: 6.1 | AI Score: 5.8 | EPSS: 0.001
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.012
SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id"...
CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API...
AI Score: 8.4 | EPSS: 0.001
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified...
AI Score: 5.9 | EPSS: 0.003