Skip to main content

Web Interface CVE-2021-3812

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-09-17 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 17, 2021 - 07:15 nvd
MEDIUM 6.1

DescriptionNVD

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AnalysisAI

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected products include: Pi-Hole Web Interface.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-23614 HIGH POC
8.8 Jan 26

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Rated high severity

CVE-2021-29448 HIGH POC
8.8 Apr 15

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated high severity (CVSS 8.8)

CVE-2021-3706 HIGH POC
7.5 Sep 15

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2021-3811 MEDIUM POC
6.1 Sep 17

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2026-26953 MEDIUM POC
5.4 Feb 19

Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML i

CVE-2021-41175 MEDIUM POC
5.4 Oct 26

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistic

CVE-2026-33403 MEDIUM
6.1 Apr 06

Reflected DOM-based XSS in Pi-hole Admin Interface versions 6.0 through 6.4 allows unauthenticated attackers to inject a

CVE-2022-41434 MEDIUM
6.1 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

CVE-2026-26952 MEDIUM
5.4 Feb 19

Pi-hole Admin Interface versions 6.4 and below allow authenticated administrators to inject stored HTML code through imp

CVE-2026-33406 MEDIUM
5.4 Apr 06

Stored cross-site scripting (XSS) via HTML attribute injection in Pi-hole Admin Interface versions 6.0 through 6.4 allow

CVE-2022-41433 MEDIUM
4.8 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

CVE-2022-41432 MEDIUM
4.8 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

Share

CVE-2021-3812 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy