VYPR
Unrated severity · NVD Advisory · Published Feb 18, 2021 · Updated Aug 4, 2024

CVE-2020-35592

Description

Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.

Affected products

2
  • Pi-hole/Pi-hole (description)
  • Pi Hole/Pi Hole (llm-fuzzy)
    Range: 5.0, 5.1, 5.1.1
