CNNVD-202510-3491 Information

CNNVD ID

CNNVD-202510-3491

Related CVE

CVE-2025-53533

• CNNVD Published: 2025-10-27

Description (Chinese)

Pi-hole Web Interface是Pi-hole开源的一个仪表板Web界面。 Pi-hole Web Interface 6.2.1及之前版本存在跨站脚本漏洞，该漏洞源于404错误页面未正确清理或转义URL路径，可能导致反射型跨站脚本攻击。

Description (English)

Pi-hole Web Interface is a Web interface for Pi-hole Open Source. Pi-hole Web Interface 6.2.1 and previous versions had a cross-site script loophole, which stemmed from the incorrect page of 404 that did not properly clean up or transpose the URL path, which could result in a reflector-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Pi-hole

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/pi-hole/web/security/advisories/GHSA-w8f8-92rx-4f6w https://access.redhat.com/security/cve/cve-2025-53533

Patch

https://pi-hole.net/