Reflected Cross-Site Scripting Vulnerability in Pi-hole by Pi-hole LLC
CVE-2020-35592

5.4MEDIUM

Key Information:

Vendor

Pi-hole

Status
Pi-hole
Vendor
CVE Published:
18 February 2021

What is CVE-2020-35592?

Pi-hole versions 5.0, 5.1, and 5.1.1 are vulnerable to a Reflected Cross-Site Scripting (XSS) attack through improper handling of the Options header in the admin/ URI. This flaw enables a remote attacker to introduce arbitrary web scripts or HTML into the application. If successfully exploited, this could allow an attacker to compromise user sessions by stealing session cookies, potentially leading to unauthorized access and actions within the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://discourse.pi-hole.net/c/announcements/5
x_refsource_MISC
https://n4nj0.github.io/advisories/pi-hole-multiple-vulne...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.