CVE-2019-8953

CVE Database · CVE-2019-8953

CVE-2019-8953

· N/AModified

CVSS v3.1

N/A

EPSS

52.24%

Published

Feb 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBpfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

Weaknesses (CWE)

CWE-79

Affected Products (1)

netgate · haproxy (up to 0.59_16)vulnerable

References (10)

https://cxsecurity.com/issue/WLB-2019020153

ExploitThird Party Advisory

https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c

PatchThird Party Advisory

https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5

PatchThird Party Advisory

https://redmine.pfsense.org/issues/9335

PatchThird Party Advisory

https://www.exploit-db.com/exploits/46538/

ExploitThird Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs