Lucene search
PRIOn knowledge basePRION:CVE-2022-25303HistoryJul 12, 2022 - 3:15 p.m.
Cross site scripting
2022-07-1215:15:00
PRIOn knowledge base
www.prio-n.com
4
0.001 Low
EPSS
Percentile
30.9%
The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template function. However, the error_message is rendered using the | safe filter, meaning the user input is not escaped.
| CPE | Name | Operator | Version |
|---|---|---|---|
| whoogle-search | lt | 0.7.2 |
Related
nvd
nvd
CVE-2022-25303
2022-07-12 15:15:09
osv
osv
Whoogle Search Cross-site Scripting via string parameter
2022-07-15 15:37:39
PYSEC-2022-226
2022-07-12 15:15:00
CVE-2022-25303
2022-07-12 15:15:09
veracode
veracode
Cross-site Scripting (XSS)
2022-07-13 09:05:11
cve
cve
CVE-2022-25303
2022-07-12 15:15:09
cvelist
cvelist
CVE-2022-25303 Cross-site Scripting (XSS)
2022-07-12 00:00:00
github
github
Whoogle Search Cross-site Scripting via string parameter
2022-07-15 15:37:39