Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:34018
HistoryFeb 07, 2022 - 5:09 a.m.

Cross-site Scripting (XSS)

2022-02-0705:09:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

EPSS

0.001

Percentile

41.5%

karma is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the returnUrl parameter in the complete function of karma.js by navigating to the malicious URLs

CPENameOperatorVersion
karmale6.3.13
karmale4.1.0
karmale6.3.13
karmale4.1.0

EPSS

0.001

Percentile

41.5%