Cross Site Scripting (XSS)

whooglesearch is vulnerable to Cross Site Scripting XSS. The vulnerability due to improper validation of user-controlled srctype and elementurl variables within requests.py. This flaw allows an attacker to control the HTTP response content type and craft a special URL to point to a malicious...

Server Side Request Forgery (SSRF)

whooglesearch is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to not sanitizing user-supplied data from the location variable in the window endpoint which passes the same user supplied input to send method within request.py. This can be exploited to send crafted GET...