Moderate severityNVD Advisory· Published Feb 5, 2022· Updated Aug 2, 2024
Cross-site Scripting (XSS) - DOM in karma-runner/karma
CVE-2022-0437
Description
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
karmanpm | < 6.3.14 | 6.3.14 |
Affected products
2- karma-runner/karma-runner/karmav5Range: unspecified
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-7x7c-qm48-pq9cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-0437ghsaADVISORY
- github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8aghsax_refsource_MISCWEB
- github.com/karma-runner/karma/releases/tag/v6.3.14ghsaWEB
- huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.