Approved changes feed: RSS · Atom

cpe:2.3:a:pi-hole:pi-hole:5.0:*:*:*:*:*:*:*

part: a version: 5.0 update: *

VendorPi Hole (525d0520-023b-5ac7-adae-b0bb743ce667)
ProductPi Hole (78c250c9-8027-5223-a813-a347760e361e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/pi-hole/adminlte purl2cpe 2026-06-01 10:10:56.987654
pkg:github/pi-hole/pi-hole purl2cpe 2026-06-01 10:10:56.987656

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-35592 vulnerable 2026-06-08 05:25:01.420743 Details available
Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie.
Published: 2021-02-18T19:29:40.000Z
Updated: 2024-08-04T17:09:14.207Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-35591 vulnerable 2026-06-08 05:25:01.418548 Details available
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
Published: 2021-02-18T19:26:56.000Z
Updated: 2024-08-04T17:09:14.106Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.