Security Advisory

CVE-2020-35659

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-24 15:59:04

Last updated 2024-08-04 17:09:14

Assigner mitre

State PUBLISHED

Description

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.

← Browse all CVEs View on cve.org ↗