The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2019020153 | Exploit Third Party Advisory |
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c | Patch Third Party Advisory |
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5 | Patch Third Party Advisory |
https://redmine.pfsense.org/issues/9335 | Patch Third Party Advisory |
https://www.exploit-db.com/exploits/46538/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2019-02-20 16:29
Updated : 2024-02-28 16:48
NVD link : CVE-2019-8953
Mitre link : CVE-2019-8953
CVE.ORG link : CVE-2019-8953
JSON object : View
Products Affected
netgate
- haproxy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')