{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36141?format=json","vulnerability_id":"VCID-yjxr-dqrk-ubdp","summary":"Versions of the package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. When q does not contain the http string, its value is used to build the error_message that is then rendered in the error.html template, using the [flask.render_template](https://flask.palletsprojects.com/en/2.1.x/api/flask.render_template) function. However, the error_message is rendered using the [| safe filter](https://jinja.palletsprojects.com/en/3.1.x/templates/working-with-automatic-escaping), meaning the user input is not escaped.","aliases":[{"alias":"CVE-2022-25303"},{"alias":"GHSA-mxvc-fwgx-j778"},{"alias":"PYSEC-2022-226"},{"alias":"SNYK-PYTHON-WHOOGLESEARCH-2803306"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28463?format=json","purl":"pkg:pypi/whoogle-search@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.7.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28445?format=json","purl":"pkg:pypi/whoogle-search@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28446?format=json","purl":"pkg:pypi/whoogle-search@0.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"
vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/28447?format=json","purl":"pkg:pypi/whoogle-search@0.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/28448?format=json","purl":"pkg:pypi/whoogle-search@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28449?format=json","purl":"pkg:pypi/whoogle-search@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/28450?format=json","purl":"pkg:pypi/whoogle-search@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg
:pypi/whoogle-search@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28451?format=json","purl":"pkg:pypi/whoogle-search@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/28452?format=json","purl":"pkg:pypi/whoogle-search@0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/28453?format=json","purl":"pkg:pypi/whoogle-search@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28454?format=json","purl":"pkg:pypi/whoogle-search@0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/28455?format=json","purl":"pkg:pypi/whoogle-search@0.5.0","is_vulnerable":true,"affected_by_vulne
rabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28456?format=json","purl":"pkg:pypi/whoogle-search@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/28457?format=json","purl":"pkg:pypi/whoogle-search@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/28458?format=json","purl":"pkg:pypi/whoogle-search@0.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/28459?format=json","purl":"pkg:pypi/whoogle-search@0.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulne
rability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/28460?format=json","purl":"pkg:pypi/whoogle-search@0.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28461?format=json","purl":"pkg:pypi/whoogle-search@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/28462?format=json","purl":"pkg:pypi/whoogle-search@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4248-h1sg-p7bt"},{"vulnerability":"VCID-76pn-8ah2-afax"},{"vulnerability":"VCID-n1ds-8jch-jffw"},{"vulnerability":"VCID-rhzd-nrxh-fffs"},{"vulnerability":"VCID-yjxr-dqrk-ubdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/whoogle-search@0.7.1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25303","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5374","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25303"},{"reference_url":"https://github.com/advisories/GHSA-mxvc-fwgx-j778","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR
:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxvc-fwgx-j778"},{"reference_url":"https://github.com/benbusby/whoogle-search","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/benbusby/whoogle-search"},{"reference_url":"https://github.com/benbusby/whoogle-search/blob/6d362ca5c7a00d2f691a2512461c5dfbfc01cbb3/app/routes.py%23L448","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/benbusby/whoogle-search/blob/6d362ca5c7a00d2f691a2512461c5dfbfc01cbb3/app/routes.py%23L448"},{"reference_url":"https://github.com/benbusby/whoogle-search/commit/abc30d7da3b5c67be7ce84d4699f327442d44606","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/benbusby/whoogle-search/commit/abc30d7da3b5c67be7ce84d4699f327442d44606"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/whoogle-search/PYSEC-2022-226.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/whoogle-search/PYSEC-2022-226.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25303","reference_id":"","reference_type":
"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25303"},{"reference_url":"https://snyk.io/vuln/SNYK-PYTHON-WHOOGLESEARCH-2803306","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PYTHON-WHOOGLESEARCH-2803306"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjxr-dqrk-ubdp"}