3 matches found
CVE-2025-30008
CVE-2025-30008 affects HestiaCP prior to 1.9.5. A stored XSS exists in the DNS record management interface: an authenticated, low-privilege user can insert HTML by crafting a DNS record value starting with a double-quote, which is rendered in the data-sort-value attribute in list_dns_rec.php with...
Froxlor 安全漏洞
Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.7 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the DomainZones.add API endpoint did not clean newline characters from TXT records,...
PT-2026-30866
FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...