CVE-2024-22417

Summary

CVE-2024-22417 is a cross-site scripting vulnerability found in versions 0.8.3 and earlier of Whoogle Search, a self-hosted metasearch engine. This vulnerability arises from the lack of validation on user-controlled variables (`src_type` and `element_url`) in the `element` method of `app/routes.py`. An attacker can exploit this by crafting a malicious URL and sending it to a victim, who may be deceived due to the link's appearance as a trusted domain. If the victim clicks on the link, it could lead to various consequences, such as credential theft or other forms of deception. The vulnerability affects multiple products (listed in the text), and it can be remediated by updating Whoogle Search to a version that has addressed this issue. The National Vulnerability Database (NVD) rates this vulnerability as medium severity with a base score of 6.1 out of 10, highlighting its potential impact on confidentiality and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.