Open redirect in karma
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
Advisories for Npm/Karma package
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - DOM in NPM karma