Skip to main content

Web Interface CVE-2021-41175

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-10-26 security-advisories@github.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 26, 2021 - 14:15 nvd
MEDIUM 5.4

DescriptionNVD

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8.

AnalysisAI

Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8. Affected products include: Pi-Hole Web Interface. Version information: version 5.8.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-23614 HIGH POC
8.8 Jan 26

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Rated high severity

CVE-2021-29448 HIGH POC
8.8 Apr 15

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Rated high severity (CVSS 8.8)

CVE-2021-3706 HIGH POC
7.5 Sep 15

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2021-3812 MEDIUM POC
6.1 Sep 17

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2021-3811 MEDIUM POC
6.1 Sep 17

adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2026-26953 MEDIUM POC
5.4 Feb 19

Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML i

CVE-2026-33403 MEDIUM
6.1 Apr 06

Reflected DOM-based XSS in Pi-hole Admin Interface versions 6.0 through 6.4 allows unauthenticated attackers to inject a

CVE-2022-41434 MEDIUM
6.1 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

CVE-2026-26952 MEDIUM
5.4 Feb 19

Pi-hole Admin Interface versions 6.4 and below allow authenticated administrators to inject stored HTML code through imp

CVE-2026-33406 MEDIUM
5.4 Apr 06

Stored cross-site scripting (XSS) via HTML attribute injection in Pi-hole Admin Interface versions 6.0 through 6.4 allow

CVE-2022-41433 MEDIUM
4.8 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

CVE-2022-41432 MEDIUM
4.8 Nov 08

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the

Share

CVE-2021-41175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy