CVE-2022-31029
published 2022-07-07


Priority: P4 · 21 · medium · 4.8 · CVSS 3.1
Vector: AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.39% (31.1th percentile)
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `alert("XSS")` in the field marked with "Domain to look for" and hitting enter (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pi-hole | adminlte | < 5.13 | 5.13 |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |