The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2019020153 | Exploit Third Party Advisory |
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c | Patch Third Party Advisory |
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5 | Patch Third Party Advisory |
https://redmine.pfsense.org/issues/9335 | Patch Third Party Advisory |
https://www.exploit-db.com/exploits/46538/ | Exploit Third Party Advisory VDB Entry |
https://cxsecurity.com/issue/WLB-2019020153 | Exploit Third Party Advisory |
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c | Patch Third Party Advisory |
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5 | Patch Third Party Advisory |
https://redmine.pfsense.org/issues/9335 | Patch Third Party Advisory |
https://www.exploit-db.com/exploits/46538/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 04:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://cxsecurity.com/issue/WLB-2019020153 - Exploit, Third Party Advisory | |
References | () https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c - Patch, Third Party Advisory | |
References | () https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5 - Patch, Third Party Advisory | |
References | () https://redmine.pfsense.org/issues/9335 - Patch, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/46538/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-02-20 16:29
Updated : 2024-11-21 04:50
NVD link : CVE-2019-8953
Mitre link : CVE-2019-8953
CVE.ORG link : CVE-2019-8953
JSON object : View
Products Affected
netgate
- haproxy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')