Web Interface
CVE-2021-3706
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag
AnalysisAI
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-1004. adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag Affected products include: Pi-Hole Web Interface.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Web Interface
View allPi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Rated high severity
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated high severity (CVSS 8.8)
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me
Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML i
Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistic
Reflected DOM-based XSS in Pi-hole Admin Interface versions 6.0 through 6.4 allows unauthenticated attackers to inject a
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the
Pi-hole Admin Interface versions 6.4 and below allow authenticated administrators to inject stored HTML code through imp
Stored cross-site scripting (XSS) via HTML attribute injection in Pi-hole Admin Interface versions 6.0 through 6.4 allow
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the
Same weakness CWE-1004 – Sensitive Cookie Without 'HttpOnly' Flag
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today