Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)
Vulnerability Description
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section. An authenticated user can inject malicious JavaScript by adding a payload to the Address field when creating or editing a list entry. The vulnerability is triggered when another user navigates to the Tools section and performs a gravity database update. The Address field does not properly sanitize input, allowing special characters and script tags to bypass validation. This has been patched in version 6.3.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Pi-hole Web Interface 跨站脚本漏洞
Vulnerability Description
Pi-hole Web Interface是Pi-hole开源的一个仪表板Web界面。 Pi-hole Web Interface 6.3之前版本存在跨站脚本漏洞,该漏洞源于Address字段输入清理不当,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A