Source: White Hats Nepal, https://blog.pentestnepal.tech/cve/cve-2022-31029/. Published 2022-07-07; last modified 2024-11-21.
MEDIUM · 5.9

CVE-2022-31029

Vulnerability Description

AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions, inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to Pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

| Metric | Value |
| --- | --- |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality | LOW |
| Integrity | LOW |
| Availability | LOW |

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Pi-Hole | Adminlte | < 5.13 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-31029?

CVE-2022-31029 is a vulnerability with a CVSS score of 5.9 (MEDIUM). AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>ent...

How severe is CVE-2022-31029?

CVE-2022-31029 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-31029?

Check the references section above for vendor advisories and patch information. Affected products include: Pi-Hole Adminlte.