Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, the error field is populated with an error message that contains the bad URL they tried to capture, triggering the XSS. This vulnerability is fixed in 1.35.3.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Lookyloo 跨站脚本漏洞

Lookyloo是Lookyloo开源的一个网站捕获工具。 Lookyloo 1.35.3之前版本存在跨站脚本漏洞，该漏洞源于错误消息中未过滤URL，可能导致跨站脚本攻击。

N/A

N/A