HIGH🇵🇱 Wersja polska

CVE-2021-29448

CVSS 7.6v3.1pub. 2021-04-15upd. 2024-11-21

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  • Pi Hole Ftldns

    APP
    Pi-Hole
    5.7
  • Pi Hole

    APP
    Pi-Hole
    5.2.4
  • Pi Hole Web Interface

    APP
    Pi-Hole
    < 5.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-34087CRITICAL9.0PL ✓ten sam produkt

Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS

CVE-2020-8816HIGH7.2⚠ KEVten sam produkt

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHC...

CVE-2026-39849HIGH8.7ten sam produkt

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions bef...

CVE-2026-35517HIGH8.8ten sam produkt

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. Fro...

CVE-2026-35518HIGH8.8ten sam produkt

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. Fro...