PT-2021-23150 · Pi-Hole · Pi-Hole

Robert Punnett

Published

2021-10-26

Updated

2021-10-28

CVE-2021-41175

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Pi-hole versions prior to 5.8

Description The issue affects Pi-hole's Web interface, which is based on AdminLTE, allowing for cross-site scripting when adding a client via the groups-clients management page. This issue was patched in version 5.8.

Recommendations For versions prior to 5.8, update to version 5.8 to resolve the issue. As a temporary workaround, consider restricting access to the groups-clients management page until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-41175

GHSA-MHR8-7RVG-8R43

Affected Products

Pi-Hole

PT-2021-23150 · Pi-Hole · Pi-Hole

CVE-2021-41175

Weakness Enumeration

Related Identifiers

Affected Products

References · 7