Cross-site Scripting in karma

Description

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

Recommendation

Update the karma package to the latest compatible version. Followings are version details:

• Affected version(s): < 6.3.14
• Patched version(s): 6.3.14

References

• GHSA-7x7c-qm48-pq9c
• huntr.dev
• CVE-2022-0437
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross site scripting in three.js - CVE-2022-0177
• Cross-site Scripting in Prism - CVE-2022-23647
• Cross-site Scripting in fullpage.js - CVE-2022-1330
• Cross site scripting in reveal.js - CVE-2022-0776

Tags:

npm

karma