Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte
CVE-2021-3812

6.7MEDIUM

Key Information:

Vendor: Pi-hole
Status: Pi-hole/adminlte
Vendor: CVE Published:; 17 September 2021

🔔 Create Pi-hole Vulnerability Alert

What is CVE-2021-3812?

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected Version(s)

pi-hole/adminlte < 5.6

References

https://github.com/pi-hole/adminlte/commit/f526716de7bb0f...

x_refsource_MISC

https://huntr.dev/bounties/875a6885-9a64-46f3-94ad-92f40f...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2021
Vulnerability Reserved
Sep 17, 2021

CVE-2021-3812 Data

JSON