EIP-2026-103311

PRE-CVE

Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103311. PoCs published by loneferret.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Pi-Hole's web interface (v2.8.1 with AdminLTE v1.3) by injecting a JavaScript payload into the blacklist or whitelist files, which executes when accessing the corresponding admin page.

Description

Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist

Exploits (1)

exploitdb WORKING POC VERIFIED

by loneferret · textwebappslinux

https://www.exploit-db.com/exploits/40249

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Pi-Hole's web interface (v2.8.1 with AdminLTE v1.3) by injecting a JavaScript payload into the blacklist or whitelist files, which executes when accessing the corresponding admin page.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Pi-Hole v2.8.1 with AdminLTE v1.3

Auth required

Prerequisites: Access to modify /etc/pihole/blacklist.txt or /etc/pihole/whitelist.txt · Access to the Pi-Hole admin interface

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026