.. / CVE-2022-0437

Exploit for karma-runner DOM-based Cross-Site Scripting (CVE-2022-0437)

Description:

NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.

Nuclei Template

View the template here CVE-2022-0437.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0437.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0437
https://github.com/ARPSyndicate/cvemon
https://github.com/karma-runner/karma
https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885