Description

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, the error field is populated with an error message that contains the bad URL they tried to capture, triggering the XSS. This vulnerability is fixed in 1.35.3.

INFO

Published Date :

2025-12-02T18:32:59.256Z

Last Modified :

2025-12-02T19:28:42.081Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66459 vulnerability.

Vendors Products
Lookyloo
  • Lookyloo
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66459.

URL Resource
https://github.com/Lookyloo/lookyloo/commit/1850a34b8cec52438df3b544295b20cfa35f8ad1 cve-icon cve-icon
https://github.com/Lookyloo/lookyloo/commit/8c3ab96de44c1ce15646d734aa06faf884329116 cve-icon cve-icon
https://github.com/Lookyloo/lookyloo/commit/95cdc00fe37fd89790fa89bb3ee3fefa2da38442 cve-icon cve-icon
https://github.com/Lookyloo/lookyloo/security/advisories/GHSA-hvmh-j2jx-48wg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact