Vulnerability Details CVE-2021-29448
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 5.8
References
Products affected by CVE-2021-29448
-
cpe:2.3:a:pi-hole:ftldns:5.7
-
cpe:2.3:a:pi-hole:pi-hole:5.2.4
-
cpe:2.3:a:pi-hole:web_interface:-
-
cpe:2.3:a:pi-hole:web_interface:0.1
-
cpe:2.3:a:pi-hole:web_interface:1.0
-
cpe:2.3:a:pi-hole:web_interface:1.0.0
-
cpe:2.3:a:pi-hole:web_interface:1.1
-
cpe:2.3:a:pi-hole:web_interface:1.1.0
-
cpe:2.3:a:pi-hole:web_interface:1.1.1
-
cpe:2.3:a:pi-hole:web_interface:1.1.2
-
cpe:2.3:a:pi-hole:web_interface:1.1.3
-
cpe:2.3:a:pi-hole:web_interface:1.1.4
-
cpe:2.3:a:pi-hole:web_interface:1.1.5
-
cpe:2.3:a:pi-hole:web_interface:1.1.6
-
cpe:2.3:a:pi-hole:web_interface:1.1.7
-
cpe:2.3:a:pi-hole:web_interface:1.2
-
cpe:2.3:a:pi-hole:web_interface:1.2.1
-
cpe:2.3:a:pi-hole:web_interface:1.3
-
cpe:2.3:a:pi-hole:web_interface:1.3.0
-
cpe:2.3:a:pi-hole:web_interface:1.4
-
cpe:2.3:a:pi-hole:web_interface:1.4.1
-
cpe:2.3:a:pi-hole:web_interface:1.4.2
-
cpe:2.3:a:pi-hole:web_interface:1.4.3
-
cpe:2.3:a:pi-hole:web_interface:1.4.3.1
-
cpe:2.3:a:pi-hole:web_interface:1.4.3.1a
-
cpe:2.3:a:pi-hole:web_interface:1.4.4
-
cpe:2.3:a:pi-hole:web_interface:1.4.4.1
-
cpe:2.3:a:pi-hole:web_interface:1.4.4.2
-
cpe:2.3:a:pi-hole:web_interface:2.0.0
-
cpe:2.3:a:pi-hole:web_interface:2.0.1
-
cpe:2.3:a:pi-hole:web_interface:2.0.2
-
cpe:2.3:a:pi-hole:web_interface:2.0.3
-
cpe:2.3:a:pi-hole:web_interface:2.0.4
-
cpe:2.3:a:pi-hole:web_interface:2.0.5
-
cpe:2.3:a:pi-hole:web_interface:2.1.0
-
cpe:2.3:a:pi-hole:web_interface:2.1.1
-
cpe:2.3:a:pi-hole:web_interface:2.1.2
-
cpe:2.3:a:pi-hole:web_interface:2.2.0
-
cpe:2.3:a:pi-hole:web_interface:2.3
-
cpe:2.3:a:pi-hole:web_interface:2.3.1
-
cpe:2.3:a:pi-hole:web_interface:2.4
-
cpe:2.3:a:pi-hole:web_interface:2.5
-
cpe:2.3:a:pi-hole:web_interface:2.5.1
-
cpe:2.3:a:pi-hole:web_interface:2.5.2
-
cpe:2.3:a:pi-hole:web_interface:3.0
-
cpe:2.3:a:pi-hole:web_interface:3.0.1
-
cpe:2.3:a:pi-hole:web_interface:3.0.1a
-
cpe:2.3:a:pi-hole:web_interface:3.1
-
cpe:2.3:a:pi-hole:web_interface:3.2
-
cpe:2.3:a:pi-hole:web_interface:3.2.1
-
cpe:2.3:a:pi-hole:web_interface:3.3
-
cpe:2.3:a:pi-hole:web_interface:4.0
-
cpe:2.3:a:pi-hole:web_interface:4.1
-
cpe:2.3:a:pi-hole:web_interface:4.1.1
-
cpe:2.3:a:pi-hole:web_interface:4.2
-
cpe:2.3:a:pi-hole:web_interface:4.3
-
cpe:2.3:a:pi-hole:web_interface:4.3.2
-
cpe:2.3:a:pi-hole:web_interface:4.3.3
-
cpe:2.3:a:pi-hole:web_interface:5.0
-
cpe:2.3:a:pi-hole:web_interface:5.1
-
cpe:2.3:a:pi-hole:web_interface:5.1.1
-
cpe:2.3:a:pi-hole:web_interface:5.2
-
cpe:2.3:a:pi-hole:web_interface:5.2.1
-
cpe:2.3:a:pi-hole:web_interface:5.2.2
-
cpe:2.3:a:pi-hole:web_interface:5.3
-
cpe:2.3:a:pi-hole:web_interface:5.3.1
-
cpe:2.3:a:pi-hole:web_interface:5.3.2
-
cpe:2.3:a:pi-hole:web_interface:5.4