CVE-2021-41175

Опубликовано: 26 окт. 2021

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8.

Ссылки

https://github.com/pi-hole/AdminLTE/commit/01191c7a1b8d5032991ed9d88e0db8d3dbec744d
Patch
Third Party Advisory
https://github.com/pi-hole/AdminLTE/releases/tag/v5.8
Release Notes
Third Party Advisory
https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-mhr8-7rvg-8r43
Exploit
Third Party Advisory
https://github.com/pi-hole/AdminLTE/commit/01191c7a1b8d5032991ed9d88e0db8d3dbec744d
Patch
Third Party Advisory
https://github.com/pi-hole/AdminLTE/releases/tag/v5.8
Release Notes
Third Party Advisory
https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-mhr8-7rvg-8r43
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pi-hole:web_interface:*:*:*:*:*:*:*:*

Версия до 5.8 (исключая)

EPSS

Процентиль: 62%

0.00425

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 62%

0.00425

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79