CVE-2022-31029

Summary

AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like &lt;script&gt;alert(&#34;XSS&#34;)&lt;/script&gt; in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue.

Affected Software

VendorProductVersion RangeStatus
pi-holeAdminLTE< 5.13affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References