CVE-2019-8953: XSS
First published: Wed Feb 20 2019(Updated: )
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgate Haproxy | <0.59_16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cxsecurity.com/issue/WLB-2019020153
- https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c
- https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5
- https://redmine.pfsense.org/issues/9335
- https://www.exploit-db.com/exploits/46538/
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-8953.
What is the severity of CVE-2019-8953?
The severity of CVE-2019-8953 is medium.
What is the affected software?
The affected software is Netgate Haproxy before version 0.59_16.
How does the vulnerability occur?
The vulnerability occurs via XSS (Cross-Site Scripting) through the desc or table_actionsaclN parameter in haproxy_listeners.php and haproxy_listeners_edit.php.
Are there any references for this vulnerability?
Yes, you can find references for this vulnerability at the following links: [1](https://cxsecurity.com/issue/WLB-2019020153), [2](https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c), [3](https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5).
- collector/nvd-index
- vendor/netgate
- canonical/netgate haproxy