cvedb.io
CVE-2025-66459
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-12-02T19:15:53.007 · Last modified 2026-06-17T09:56:52.873

Summary

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, an XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains an HTML element, and the capture fails. The error field is then populated with an error message that contains the bad URL the user tried to capture, triggering the XSS. This vulnerability is fixed in 1.35.3.

Affected products

lookyloo — lookyloo

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.