Adminlte Security Vulnerabilities and Issues — Adminlte CVE List

Lucene search

Pi-holeAdminlte

7 matches found

CVE•added 2021/04/15 4:15 p.m.•81 views

CVE-2021-29448

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.

8.8CVSS7.9AI score0.00303EPSS

CVE•added 2022/12/23 12:15 a.m.•76 views

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this vulnerabi...

5.3CVSS5.2AI score0.06619EPSS

CVE•added 2023/01/26 9:18 p.m.•73 views

CVE-2023-23614

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an at...

8.8CVSS8.6AI score0.00172EPSS

CVE•added 2022/07/07 10:15 p.m.•67 views

CVE-2022-31029

AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like in the field marked with "Domain to look for" and hitting enter (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only admi...

5.9CVSS5.3AI score0.00223EPSS

CVE•added 2021/08/04 6:15 p.m.•66 views

CVE-2021-32706

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the validDomainWildcard preg_match filter allows a malicious character through that can be used to execute code, list directories, and ov...

8.8CVSS8.1AI score0.59444EPSS

CVE•added 2021/10/26 2:15 p.m.•51 views

CVE-2021-41175

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8.

7.3CVSS5.5AI score0.00425EPSS

CVE•added 2021/08/04 6:15 p.m.•49 views

CVE-2021-32793

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added as...

5.7CVSS4.9AI score0.00221EPSS