Описание
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.5 (исключая)
Одно из
cpe:2.3:a:pi-hole:ftldns:5.7:*:*:*:*:*:*:*
cpe:2.3:a:pi-hole:pi-hole:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:pi-hole:web_interface:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00303
Низкий
7.6 High
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-79
CWE-79
EPSS
Процентиль: 53%
0.00303
Низкий
7.6 High
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-79
CWE-79