PyPI package
whoogle-search
pkg:pypi/whoogle-search
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53305 | — | | | < 0.9.1 | 0.9.1 | Apr 16, 2025 | An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query. |
| CVE-2024-22417 | — | | | < 0.8.4 | 0.8.4 | Jan 23, 2024 | Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 i |
| CVE-2024-22205 | — | | | < 0.8.4 | 0.8.4 | Jan 23, 2024 | Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py`, which leads to |
| CVE-2024-22204 | — | | | < 0.8.4 | 0.8.4 | Jan 23, 2024 | Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 an |
| CVE-2024-22203 | — | | | < 0.8.4 | 0.8.4 | Jan 23, 2024 | Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in ` |
| CVE-2022-25303 | — | | | < 0.7.2 | 0.7.2 | Jul 12, 2022 | The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the [flask.r |