Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/04/06 2:48 p.m.27 views

CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/06 2:48 p.m.5 views

CVE-2026-33404 Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....

3.4CVSS5.9AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 2:48 p.m.10 views

CVE-2026-33404

Pi-hole Admin Interface (Pi-hole) up to version 6.5 is affected by a stored XSS in the Network page and Dashboard tooltips due to unescaped DOM rendering of client hostnames and IPs from the FTL database in network.js and charts.js/index.js. The issue occurs for 6.0 through before 6.5, when user-...

6.1CVSS5.9AI score0.00145EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2013/09/04 6:45 p.m.5 views

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS7.2AI score0.22913EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/09/04 6:43 p.m.5 views

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS7.2AI score0.22913EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/07/03 4:18 p.m.4 views

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS7.2AI score0.22913EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/05/13 6:1 p.m.6 views

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS7.2AI score0.22913EPSS
Exploits2References4
Apache Httpd
Apache Httpd
added 2012/07/11 12:0 a.m.51 views

Apache Httpd < 2.4.4 : XSS due to unescaped hostnames

Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...

4.3CVSS0.9AI score0.22913EPSS
Exploits2Affected Software1
Rows per page
Query Builder