Unrated severityNVD Advisory· Published Dec 24, 2020· Updated Aug 4, 2024
CVE-2020-35659
CVE-2020-35659
Description
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Pi-hole/Pi-holedescription
Patches
Vulnerability mechanics
References
3- blog.mirch.io/2020/12/24/pihole-xss/mitrex_refsource_MISC
- discourse.pi-hole.net/t/pi-hole-core-web-v5-2-2-and-ftl-v5-3-3-released/41998mitrex_refsource_CONFIRM
- github.com/pi-hole/AdminLTE/pull/1665mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.