Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Web_interface
(Pi\-Hole)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-26 | CVE-2023-23614 | Pi-holeĀ®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the hash" to login or reuse a theoretically expired "remember me" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is... | Web_interface | 8.8 | ||
| 2021-09-15 | CVE-2021-3706 | adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | Web_interface | 7.5 | ||
| 2021-10-26 | CVE-2021-41175 | Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8. | Web_interface | 5.4 | ||
| 2021-09-17 | CVE-2021-3811 | adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Web_interface | 6.1 | ||
| 2021-09-17 | CVE-2021-3812 | adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Web_interface | 6.1 | ||
| 2021-04-15 | CVE-2021-29448 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details. | Ftldns, Pi\-Hole, Web_interface | 8.8 |