Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3811 | 1 Pi-hole | 1 Web Interface | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3812 | 1 Pi-hole | 1 Web Interface | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-41175 | 1 Pi-hole | 1 Web Interface | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8. | |||||
| CVE-2021-3706 | 1 Pi-hole | 1 Web Interface | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | |||||
| CVE-2021-29448 | 1 Pi-hole | 3 Ftldns, Pi-hole, Web Interface | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
| Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details. | |||||