CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

KuaiFanCMS Arbitrary File Read Vulnerability

KuaiFanCMS later referred to as KF using PHP5 + MYSQL as the technical basis for the development of KF using the Smarty template engine to build a site system. KuaiFanCMS V5 has a security vulnerability, the vulnerability stems from KuaiFanCMS V5 in chakanhtml.module.php file HTML url parameter...

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...

PHP168 V6. 0 2 the entire Station system remote arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

author:Luc1f3r blog:http://hi.baidu.com/luc1f3r Vulnerability in inc/function. inc. php inside. gethtmlurlthis function. function gethtmlurl global $rsdb,$aid,$fidDB,$webdb,$fid,$page,$showHtmlType,$HtmlType; $id=$aid; if$page1 $page=1; $postdbposttime=$rsdbposttime; if$showHtmlTypebencandy$id...