Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HPi Hole Ftldns
APPPi-Hole5.7Pi Hole
APPPi-Hole5.2.4Pi Hole Web Interface
APPPi-Hole< 5.5
Powiązane podatności
Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHC...
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions bef...
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. Fro...
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. Fro...