99 matches found
Pi-hole Web Interface < 5.8 XSS Vulnerability
The Pi-hole Web Interface (previously AdminLTE) is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
CVE-2021-41175
Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8...
Cross site scripting
Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8...
CVE-2021-41175
Pi-hole Web Interface (AdminLTE) is affected by a Stored XSS vulnerability in the groups-clients management page. The issue exists prior to version 5.8 and can be triggered when adding a client, enabling an attacker with access to the web UI to inject and execute script in an authenticated contex...
CVE-2021-3812
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3811
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3812
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3811
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross site scripting
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross site scripting
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3812
CVE-2021-3812 affects the Pi-hole Web Interface (AdminLTE) component. The vulnerability is a Cross-site Scripting (XSS) issue caused by improper neutralization of input during web page generation, with multiple sources indicating a reflected XSS in pi-hole/adminlte. Impact is described as potenti...
CVE-2021-3812 Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3811
CVE-2021-3811 affects Pi-hole’s AdminLTE (the Pi-hole web interface). The vulnerability is an XSS in the adminlte component caused by improper neutralization of input during web page generation. The documented impact is a reflected Cross-site Scripting vulnerability exposed via a POST parameter (...
CVE-2021-3811 Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole adminlte suffers from a cross-site scripting vulnerability that stems from incorrect neutralization of input during web page generation ("cross-site scripting")...
Pi-Hole Adminlte Cross-Site Scripting Vulnerability
Pi-Hole Adminlte is a Pi-Hole control panel. It is used for statistical... Pi-Hole adminlte suffers from a cross-site scripting vulnerability that stems from incorrect neutralization of input during web page generation ("cross-site scripting")...
CVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
CVE-2021-3706
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
Design/Logic Flaw
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
CVE-2021-3706
The CVE-2021-3706 entry affects Pi-hole’s AdminLTE-based web interface. Affected component: the adminlte/persistentlogin cookie is set without the HttpOnly flag, making the cookie accessible to JavaScript and susceptible to theft via XSS. The OpenVAS PoC documents show a login flow where the pers...