CVE-2025-66458
Lookyloo has multiple XSS due to unsafe use of f-strings in Markup
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document containing JS code in a script element. This vulnerability is fixed in 1.35.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Lookyloo · lookylooQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →