Pi-Hole · Pi-Hole Admin Interface · CVE-2025-32785
**Name of the Vulnerable Software and Affected Versions**
Pi-hole Admin Interface versions prior to 6.3
**Description**
The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting (XSS) issue in the `Address` field of the Subscribed Lists group management section. An authenticated user can inject malicious JavaScript by placing a payload in the `Address` field when creating or modifying a list entry. The vulnerability is triggered when another user accesses the Tools section and initiates a gravity database update. The `Address` field lacks adequate input sanitization, so special characters and script tags pass validation.
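An added example (not Pi-hole's code or its 6.3 fix) of validating an `Address` value before it is stored and HTML-encoding it before it is displayed. The function names, the scheme allowlist and the sample rows are assumptions constructed for illustration.

```javascript
// Added example; not Pi-hole's code. All names below are hypothetical.
const ALLOWED_SCHEMES = ["http:", "https:"]; // assumed allowlist, adjust as needed

// Reject anything that is not a plain absolute URL with an allowed scheme.
function isValidListAddress(address) {
  if (typeof address !== "string" || address.length === 0 || address.length > 2048) {
    return false;
  }
  // Markup delimiters, quotes, whitespace and control characters never
  // belong in a list URL; legitimate uses must percent-encode them.
  if (/[<>"'`\s\u0000-\u001f\u007f]/.test(address)) {
    return false;
  }
  try {
    return ALLOWED_SCHEMES.includes(new URL(address).protocol);
  } catch (err) {
    return false; // not parseable as an absolute URL
  }
}

// Encode on output as well, so a value stored before validation existed
// is displayed as text instead of being parsed as markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return the stored entries that fail validation, for review after upgrading.
function auditStoredAddresses(entries) {
  return entries.filter((entry) => !isValidListAddress(entry.address));
}

// Constructed sample rows standing in for stored list entries.
const SAMPLE_ENTRIES = [
  { id: 1, address: "https://example.com/hosts.txt" },
  { id: 2, address: 'https://example.com/"><script>alert(1)</script>' },
  { id: 3, address: "javascript:alert(1)" },
];

for (const entry of auditStoredAddresses(SAMPLE_ENTRIES)) {
  console.log(`entry ${entry.id} rejected: ${escapeHtml(entry.address)}`);
}
```

Validation alone does not cover entries saved before the check existed, which is why the display path encodes the value too.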
**Recommendations**
Versions prior to 6.3 should be updated to version 6.3.