CVE-2020-35592

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-35592

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35592.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-35592

Published

2021-02-18T20:15:12.370Z

Modified

2025-12-08T23:52:50.948611Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.

References

Affected packages

Git / github.com/pi-hole/adminlte

Affected ranges

Type: GIT
Repo: https://github.com/pi-hole/adminlte
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a03d1bddf74f0164f637126b06705bb659dfa4e7

Last affected

b86e4a3178e46cef9fc738c6a0fb8d0ef0ff2fbc

Last affected

d8d3f316061ba60e0b1dfc6a11f6e917380aca5f

Affected versions

0.*

0.1

1.*

1.0

1.1

1.2

1.2.1

1.3

2.*

2.0.0

2.1.0

2.1.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.2

v1.3

v1.4

v1.4.1

v1.4.2

v1.4.3

v1.4.3.1

v1.4.3.1a

v1.4.4

v1.4.4.1

v1.4.4.2

v2.*

v2.0

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1

v2.1.0-alpha-1

v2.1.0-beta

v2.1.2

v2.2

v2.2.0

v2.3

v2.3.1

v2.4

v2.5

v2.5.1

v2.5.2

v3.*

v3.0

v3.0.1

v3.0.1a

v3.1

v3.2

v3.2.1

v3.3

v4.*

v4.0

v4.1

v4.1.1

v4.2

v4.3

v4.3.2

v4.3.3

v5.*

v5.0

v5.1

v5.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35592.json"

Git / github.com/pi-hole/pi-hole

Affected ranges

Type: GIT
Repo: https://github.com/pi-hole/pi-hole
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4d25f695267590b61a4061f9bb43448005d99b85

Last affected

56cd7c4d59ceb629a2170cd1c8ab78ef26366019

Last affected

e9b039139c468798fb6d9457e4c9012171faee33

Affected versions

2.*

2.0

2.8

V2.*

V2.5.1

V2.9.1

V2.9.2

v2.*

v2.1

v2.10

v2.10.1

v2.10.2

v2.11

v2.11.1

v2.11.2

v2.12

v2.12.1

v2.13

v2.13.1

v2.13.2

v2.2

v2.3

v2.4

v2.5

v2.5.2

v2.5.3

v2.6

v2.6.1

v2.6.1.1

v2.6.1.2

v2.6.2

v2.6.3

v2.7

v2.7.1

v2.8.1

v2.9

v2.9.3

v2.9.4

v2.9.4a

v2.9.5