Stored XSS Vulnerability in Pi-hole Admin Portal

Stored XSS Vulnerability in Pi-hole Admin Portal

CVE-2021-29448 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.