Vulnerabilities > PI Hole > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-23 CVE-2022-23513 Improper Access Control vulnerability in Pi-Hole Adminlte 5.12/5.13
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more.
network
low complexity
pi-hole CWE-284
5.3
2022-07-07 CVE-2022-31029 Cross-site Scripting vulnerability in Pi-Hole Adminlte
AdminLTE is a Pi-hole Dashboard for stats and configuration.
network
low complexity
pi-hole CWE-79
4.8
2021-09-17 CVE-2021-3811 Cross-site Scripting vulnerability in Pi-Hole web Interface
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
pi-hole CWE-79
4.3
2021-09-17 CVE-2021-3812 Cross-site Scripting vulnerability in Pi-Hole web Interface
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
pi-hole CWE-79
4.3
2021-08-04 CVE-2021-32706 Unspecified vulnerability in Pi-Hole
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics.
network
low complexity
pi-hole
6.5
2021-04-15 CVE-2021-29448 Cross-site Scripting vulnerability in Pi-Hole Ftldns, Pi-Hole and web Interface
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application.
network
pi-hole CWE-79
5.8
2021-02-18 CVE-2020-35591 Session Fixation vulnerability in Pi-Hole 5.0/5.1/5.1.1
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation.
network
pi-hole CWE-384
5.8
2020-12-24 CVE-2020-35659 Cross-site Scripting vulnerability in Pi-Hole
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS.
network
pi-hole CWE-79
4.3
2020-06-23 CVE-2020-14971 Code Injection vulnerability in Pi-Hole
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them.
local
low complexity
pi-hole CWE-94
4.6
2020-05-29 CVE-2020-8816 OS Command Injection vulnerability in Pi-Hole
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
network
low complexity
pi-hole CWE-78
6.5