CVE-2019-8953
CVE-2019-8953
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/46538/unverifiedexploitdbwww.exploit-db.com/exploits/46538unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cxsecurity.com/issue/WLB-2019020153https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6chttps://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5https://redmine.pfsense.org/issues/9335https://www.exploit-db.com/exploits/46538/