Lucene search

K
cve[email protected]CVE-2022-31029
HistoryJul 07, 2022 - 10:15 p.m.

CVE-2022-31029

2022-07-0722:15:08
CWE-79
web.nvd.nist.gov
43
5
adminlte
pi-hole
dashboard
xss
security vulnerability
cve-2022-31029
nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5.2 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

19.4%

AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like &lt;script&gt;alert("XSS")&lt;/script&gt; in the field marked with β€œDomain to look for” and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue.

Affected configurations

Vulners
NVD
Node
pi-holeadminlteRange<5.13
VendorProductVersionCPE
pi\-holeadminlte*cpe:2.3:a:pi\-hole:adminlte:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "AdminLTE",
    "vendor": "pi-hole",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.13"
      }
    ]
  }
]

Social References

More

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5.2 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

19.4%

Related for CVE-2022-31029