PT-2025-48751 · Lookyloo · Lookyloo

Published: 2025-12-02 · Updated: 2025-12-05 · CVE-2025-66458

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Lookyloo versions prior to 1.35.3

Description

Lookyloo is a web interface used to capture website pages and display a tree of domains that interact with each other. Prior to version 1.35.3, multiple Cross-Site Scripting (XSS) issues exist due to the unsafe use of f-strings in Markup. Exploitation requires a malicious third-party server responding with a JSON document containing JavaScript code within a script element.

Recommendations

Update to version 1.35.3 or later.
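
The weakness class named in the description, shown as an added example (not Lookyloo's code and not taken from the fix). It assumes the markupsafe package is installed; the function names, the HTML template and the JSON sample are constructed for illustration.

```python
# Added illustration of "f-string inside Markup"; not code from Lookyloo.
import json

from markupsafe import Markup, escape

# Constructed sample: a JSON body as an untrusted third-party server might return it.
THIRD_PARTY_JSON = json.dumps({"title": "<script>alert(1)</script>"})


def sample_title() -> str:
    """Return the untrusted string carried by the constructed JSON sample."""
    return json.loads(THIRD_PARTY_JSON)["title"]


def render_unsafe(value: str) -> Markup:
    # The f-string is evaluated first, so Markup() receives one finished
    # string and marks all of it, untrusted part included, as safe HTML.
    return Markup(f"<span class='title'>{value}</span>")


def render_safe(value: str) -> Markup:
    # Markup.format() escapes every argument before substitution;
    # only the literal template is treated as trusted markup.
    return Markup("<span class='title'>{}</span>").format(value)


def render_safe_percent(value: str) -> Markup:
    # The % operator on a Markup template escapes its operands the same way.
    return Markup("<span class='title'>%s</span>") % value


def template_output(fragment) -> str:
    # escape() is what an autoescaping template engine applies to a value.
    # It leaves Markup objects untouched, so autoescaping cannot repair
    # a fragment that was wrongly marked safe by render_unsafe().
    return str(escape(fragment))


if __name__ == "__main__":
    title = sample_title()
    for fn in (render_unsafe, render_safe, render_safe_percent):
        print(f"{fn.__name__:20} {template_output(fn(title))}")
```

A quick audit for this pattern in a code base is to search for `Markup(f"` and `Markup(f'` and review each hit for interpolated values that originate outside the application.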

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-66458
GHSA-58H2-652V-GQ87

Affected Products

Lookyloo