CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25303

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the [flask.render_template](https://flask.palletsprojects.com/en/2.1.x/api/flask.render_template) function. However, the error_message is rendered using the [| safe filter](https://jinja.palletsprojects.com/en/3.1.x/templates/working-with-automatic-escaping), meaning the user input is not escaped.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 4.3

References

Products affected by CVE-2022-25303

Whoogle-Search Project » Whoogle-Search » Version: N/A

cpe:2.3:a:whoogle-search_project:whoogle-search:-
Whoogle-Search Project » Whoogle-Search » Version: 0.0.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.0.1
Whoogle-Search Project » Whoogle-Search » Version: 0.1.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.1.0
Whoogle-Search Project » Whoogle-Search » Version: 0.1.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.1.1
Whoogle-Search Project » Whoogle-Search » Version: 0.1.2

cpe:2.3:a:whoogle-search_project:whoogle-search:0.1.2
Whoogle-Search Project » Whoogle-Search » Version: 0.1.3

cpe:2.3:a:whoogle-search_project:whoogle-search:0.1.3
Whoogle-Search Project » Whoogle-Search » Version: 0.1.4

cpe:2.3:a:whoogle-search_project:whoogle-search:0.1.4
Whoogle-Search Project » Whoogle-Search » Version: 0.2.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.2.0
Whoogle-Search Project » Whoogle-Search » Version: 0.2.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.2.1
Whoogle-Search Project » Whoogle-Search » Version: 0.3.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.3.0
Whoogle-Search Project » Whoogle-Search » Version: 0.3.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.3.1
Whoogle-Search Project » Whoogle-Search » Version: 0.3.2

cpe:2.3:a:whoogle-search_project:whoogle-search:0.3.2
Whoogle-Search Project » Whoogle-Search » Version: 0.4.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.4.0
Whoogle-Search Project » Whoogle-Search » Version: 0.4.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.4.1
Whoogle-Search Project » Whoogle-Search » Version: 0.5.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.5.0
Whoogle-Search Project » Whoogle-Search » Version: 0.5.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.5.1
Whoogle-Search Project » Whoogle-Search » Version: 0.5.2

cpe:2.3:a:whoogle-search_project:whoogle-search:0.5.2
Whoogle-Search Project » Whoogle-Search » Version: 0.5.3

cpe:2.3:a:whoogle-search_project:whoogle-search:0.5.3
Whoogle-Search Project » Whoogle-Search » Version: 0.5.4

cpe:2.3:a:whoogle-search_project:whoogle-search:0.5.4
Whoogle-Search Project » Whoogle-Search » Version: 0.6.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.6.0
Whoogle-Search Project » Whoogle-Search » Version: 0.7.0

cpe:2.3:a:whoogle-search_project:whoogle-search:0.7.0
Whoogle-Search Project » Whoogle-Search » Version: 0.7.1

cpe:2.3:a:whoogle-search_project:whoogle-search:0.7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25303

Products

Pricing

Contact Us