CVE-2022-0437

Name of the Vulnerable Software and Affected Versions karma versions prior to 6.3.14

Description The issue is related to a Cross-site Scripting (XSS) - DOM vulnerability in the karma testing emulator for JavaScript code on the Node.js platform. This vulnerability exists due to inadequate protection of the web page structure. Exploitation of this issue may allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For versions prior to 6.3.14, update to version 6.3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable karma instances until the update is applied.