Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
312
VMScore

CVE-2020-35592

Published: 18/02/2021 Updated: 24/02/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Pi-hole

Vulnerability Summary

Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pi-hole pi-hole 5.0

pi-hole pi-hole 5.1

pi-hole pi-hole 5.1.1

Vendor Advisories

Check Point Security Alerts: Cross-Site Scripting Over HTTP Headers (CVE-2004-0705; CVE-2005-2869; CVE-2006-4747; CVE-2010-4841; CVE-2016-6285; CVE-2020-20285; CVE-2020-25786; CVE-2020-26574; CVE-2020-35592; CVE-2020-9016; CVE-2021-37216; CVE-2022-35416; CVE-2023-1861; CVE-2023-41642)
Check Point Reference: CPAI-2023-0799 Date Published: 17 Oct 2023 Severity: Critical ...

References

CWE-79https://n4nj0.github.io/advisories/pi-hole-multiple-vulnerabilities-i/https://discourse.pi-hole.net/c/announcements/5https://nvd.nist.govhttps://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-0799.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook