Description

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on the index and tree pages. This issue has been patched in version 1.35.1.

PUBLISHED Reserved 2025-11-17 | Published 2025-11-19 | Updated 2025-11-19 | Assigner GitHub_M




CRITICAL: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 1.35.1: affected

References

github.com/...okyloo/security/advisories/GHSA-m9g6-23c8-vrxf

github.com/...ommit/ac2f73dbfcad88b815b18c42cca77a1c645f1726

github.com/.../lookyloo/blob/main/website/web/default_csp.py

vulnerability.circl.lu/vuln/gcve-1-2025-0018

cve.org (CVE-2025-65095)

nvd.nist.gov (CVE-2025-65095)
