CVE-2021-29448

Summary

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.

Affected Software

VendorProductVersion RangeStatus
pi-holeAdminLTE<= 5.4affected

Weaknesses

  • CWE-79: {"CWE-79":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}

ADP Enrichment

CVE Program Container

Additional References

References