Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2025-65095

CVE-2025-65095

9.4

Critical

Published:19 Nov 2025

Last updated:17 Jun 2026

Source:security-advisories@github.com

Deferred

Weakness (CWE)

CWE-79Cross-site Scripting (XSS)

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: Active
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1.

References

security-advisories@github.com

https://github.com/Lookyloo/lookyloo/blob/main/website/web/default_csp.py

security-advisories@github.com

https://github.com/Lookyloo/lookyloo/commit/ac2f73dbfcad88b815b18c42cca77a1c645f1726

security-advisories@github.com

https://github.com/Lookyloo/lookyloo/security/advisories/GHSA-m9g6-23c8-vrxf

security-advisories@github.com

https://vulnerability.circl.lu/vuln/gcve-1-2025-0018