CNNVD-202512-171 Information
CNNVD ID
CNNVD-202512-171
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
Lookyloo是Lookyloo开源的一个网站捕获工具。 Lookyloo 1.35.3之前版本存在跨站脚本漏洞,该漏洞源于错误消息中未过滤URL,可能导致跨站脚本攻击。
Description (English)
Lokylo is a web catch tool for Lokylo Open Source. The previous version of Lokylo 1.35.3 had a cross-site script loophole, which originated from the fact that the URL was not filtered in the wrong message and could lead to cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/Lookyloo/lookyloo/security/advisories/GHSA-hvmh-j2jx-48wg https://github.com/Lookyloo/lookyloo/commit/1850a34b8cec52438df3b544295b20cfa35f8ad1 https://github.com/Lookyloo/lookyloo/commit/8c3ab96de44c1ce15646d734aa06faf884329116 https://github.com/Lookyloo/lookyloo/commit/95cdc00fe37fd89790fa89bb3ee3fefa2da38442 https://access.redhat.com/security/cve/cve-2025-66459
Patch
https://github.com/Lookyloo/lookyloo/releases
Share on: