Skip to main content

Web Interface CVE-2021-3706

HIGH
Sensitive Cookie Without 'HttpOnly' Flag (CWE-1004)
2021-09-15 security@huntr.dev
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 15, 2021 - 07:15 nvd
HIGH 7.5

DescriptionNVD

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag

AnalysisAI

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1004. adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag Affected products include: Pi-Hole Web Interface.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-23614 HIGH POC
8.8 Jan 26

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Rated high severity

CVE-2021-29448 HIGH POC
8.8 Apr 15

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated high severity (CVSS 8.8)

CVE-2021-3812 MEDIUM POC
6.1 Sep 17

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2021-3811 MEDIUM POC
6.1 Sep 17

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2026-26953 MEDIUM POC
5.4 Feb 19

Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML i

CVE-2021-41175 MEDIUM POC
5.4 Oct 26

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistic

CVE-2026-33403 MEDIUM
6.1 Apr 06

Reflected DOM-based XSS in Pi-hole Admin Interface versions 6.0 through 6.4 allows unauthenticated attackers to inject a

CVE-2022-41434 MEDIUM
6.1 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

CVE-2026-26952 MEDIUM
5.4 Feb 19

Pi-hole Admin Interface versions 6.4 and below allow authenticated administrators to inject stored HTML code through imp

CVE-2026-33406 MEDIUM
5.4 Apr 06

Stored cross-site scripting (XSS) via HTML attribute injection in Pi-hole Admin Interface versions 6.0 through 6.4 allow

CVE-2022-41433 MEDIUM
4.8 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

CVE-2022-41432 MEDIUM
4.8 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

Share

CVE-2021-3706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy