Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS Vulnerability in the Pi-hole Webinterface
Vulnerability Description
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added as a wildcard domain to a blocklist or allowlist is unfiltered in the web interface. Since the payload is stored permanently as a wildcard domain, this is a persistent XSS vulnerability. A remote attacker can therefore attack administrative user accounts through client-side attacks. Pi-hole Web Interface version 5.5.1 contains a patch for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Pi-hole 跨站脚本漏洞
Vulnerability Description
Pi-hole是Pi-hole公司的一款网络级广告拦截应用程序。 Pi-hole 5.5.1之前版本存在跨站脚本漏洞,该漏洞源于Pi-hole的Web界面提供了一个中央位置来管理Pi-hole实例和检查性能统计信息,在Pi-hole Web界面5.5.1版本之前,将域添加到阻止列表或允许列表的功能未进行有效过滤和清理,容易受到存储的跨站点脚本漏洞的攻击。远程攻击者利用该漏洞可以通过客户端攻击来攻击系统管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A