CVE-2020-35592

CVE-2020-35592

Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.

Source: CVE-2020-35592

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다