Jonathan Ginsburg

2 exploits, active since Feb 2022
CVE-2021-23495 MEDIUM WRITEUP
karma < 6.3.16 - Open Redirect via return_url Query Parameter
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
CVSS 5.4
CVE-2022-0437 MEDIUM WRITEUP
karma < 6.3.14 - DOM-based Cross-Site Scripting
DOM-based Cross-site Scripting (XSS) in the npm package karma prior to 6.3.14.
CVSS 6.1