The DNS query log in Pi-hole prior to 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pi-hole pi-hole |