PT-2025-48752 · Lookyloo · Lookyloo

Published: 2025-12-02 · Updated: 2025-12-05 · CVE-2025-66459

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Lookyloo versions prior to 1.35.3

Description

Lookyloo is a web interface used to capture website pages and display a tree of domains that interact with each other. A cross-site scripting (XSS) issue can occur when a user submits URLs for capture and one of them contains an HTML element that causes the capture to fail. The resulting error message, which includes the problematic URL, is then displayed without proper sanitization, leading to XSS. The issue is triggered when the error field is populated with the bad URL.

Recommendations

Update Lookyloo to version 1.35.3 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-66459
GHSA-HVMH-J2JX-48WG

Affected Products

Lookyloo