VYPR
Vendor

Lookyloo

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2025-65095CriNov 19, 2025
    risk 0.54cvss epss 0.00

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1.

  • CVE-2026-44439HigMay 13, 2026
    risk 0.42cvss 7.5epss 0.00

    PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms,…

  • CVE-2025-66460Dec 2, 2025
    risk 0.00cvss epss 0.00

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely…

  • CVE-2025-66459Dec 2, 2025
    risk 0.00cvss epss 0.00

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the…

  • CVE-2025-66458Dec 2, 2025
    risk 0.00cvss epss 0.00

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a…