Vulnerabilities

CVE-2020-35659

by Fred · 24/12/2020

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.

Date published : 2020-12-24

https://discourse.pi-hole.net/t/pi-hole-core-web-v5-2-2-and-ftl-v5-3-3-released/41998

Pi-hole Patches Critical Stored XSS Vulnerability

Similar

Tags: Cybersecurity Alert