Nothing Special   »   [go: up one dir, main page]

Skip to content

Authenticated XSS in "scripts/pi-hole/php/queryads.php"

Low
rdwebdesign published GHSA-cfr5-rqm5-9vhp Jul 7, 2022

Package

No package listed

Affected versions

<=v 5.12

Patched versions

v5.13

Description

Impact

Inserting code like <script>alert("XSS")</script> in the field marked with "Domain to look for" and hitting enter (or clicking on any of the buttons) will execute the script.

The user must be logged in to use this vulnerability.
Usually only administrators have login access to pi-hole, minimizing the risks.

Screenshot 2022-06-03 123533

Workarounds

Users can manually make the same code modifications on their installations.

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2022-31029

Weaknesses

Credits