CVE-2019-8953
published 2019-02-20


Priority P3 · 52 · Severity: medium · CVSS 3.0 base score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: public exploit available
EPSS: 52.24% (98.8th percentile)
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

Affected (1 range)

Vendor    Product   Version range   Fixed in
netgate   haproxy   < 0.59_16       0.59_16

Detection & IOCs (extracted from sources)

url: https://192.168.1.1/haproxy/haproxy_listeners_edit.php
payload (as extracted from the source): ">alert("test")
  • Monitor GET/POST requests to haproxy_listeners.php and haproxy_listeners_edit.php for XSS payloads in the 'desc' (Description) or 'table_actionsaclN' parameters (N is a numeric index).
  • The source reports the vulnerability as stored (persistent) XSS: inspect saved HAProxy listener configurations for injected script content in the Description field, not only live requests.
  • The endpoint used in the public exploit is /haproxy/haproxy_listeners_edit.php; alert on script tags or event-handler strings (e.g. onerror=, onload=) in the 'desc' (Description) parameter.
  • Affects HAProxy package versions before 0.59_16 on pfSense; the exploit was demonstrated on pfSense 2.4.4-p1 with HAProxy package 0.59_14.
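Added example (not from the advisory, the PoC or the pfSense HAProxy package): a Python scanner that applies the detection points above to constructed request-log records and to a constructed stored-listener configuration snippet. The log record format ("METHOD /path?query BODY"), the XML layout (item/name/desc under ha_backends) and all sample data are assumptions made for the example, not pfSense's real log or config.xml schema.

```python
"""Heuristic detection for CVE-2019-8953-style payloads in the 'desc' and
'table_actionsaclN' parameters of haproxy_listeners.php / haproxy_listeners_edit.php.
Added example; log format, config layout and sample data are constructed."""
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, unquote_plus, urlsplit

AFFECTED_SCRIPTS = ("haproxy_listeners.php", "haproxy_listeners_edit.php")
# 'desc' plus the indexed ACL-action parameters, e.g. table_actionsacl0, table_actionsacl12
PARAM_RE = re.compile(r"^(desc|table_actionsacl\d+)$")
# Markup that has no business in a description: tags, event handlers, javascript: URLs,
# and the quote-then-'>' sequence used to break out of an attribute value.
XSS_RE = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:|[\"']\s*>", re.IGNORECASE)


def looks_like_xss(value: str) -> bool:
    """Peel double URL-encoding and HTML entities, then look for markup."""
    decoded = value
    for _ in range(2):
        decoded = unquote_plus(decoded)
    decoded = html.unescape(decoded)
    return bool(XSS_RE.search(decoded))


def suspicious_params(params):
    """Return [(name, value)] for affected parameters whose value looks like markup."""
    return [(k, v) for k, v in params if PARAM_RE.match(k) and looks_like_xss(v)]


def scan_request(line: str):
    """Scan one constructed record 'METHOD /path?query BODY' (BODY optional, form-encoded).
    Returns a finding dict, or None when the request is out of scope or clean."""
    parts = line.split(" ", 2)
    if len(parts) < 2:
        return None
    method, target = parts[0], parts[1]
    body = parts[2] if len(parts) == 3 else ""
    url = urlsplit(target)
    if not url.path.endswith(AFFECTED_SCRIPTS):
        return None
    params = parse_qsl(url.query, keep_blank_values=True)
    if method.upper() == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    hits = suspicious_params(params)
    if not hits:
        return None
    return {"method": method, "path": url.path, "params": hits}


def scan_requests(lines):
    return [f for f in (scan_request(line) for line in lines) if f]


def scan_listener_config(xml_text: str):
    """Scan stored listener definitions for injected markup in <desc>.
    The XML layout is an assumption for this example, not pfSense's config.xml schema."""
    root = ET.fromstring(xml_text)
    return [
        ((item.findtext("name") or "").strip(), item.findtext("desc") or "")
        for item in root.iter("item")
        if looks_like_xss(item.findtext("desc") or "")
    ]


# Constructed sample data: one benign edit, two injected edits, one out-of-scope page.
SAMPLE_REQUESTS = [
    "GET /haproxy/haproxy_listeners.php",
    "POST /haproxy/haproxy_listeners_edit.php name=web&desc=Public+web+frontend&port=443",
    "POST /haproxy/haproxy_listeners_edit.php name=web&desc=%22%3E%3Cscript%3Ealert(%22test%22)%3C%2Fscript%3E",
    "POST /haproxy/haproxy_listeners_edit.php table_actionsacl0=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E",
    "POST /firewall_rules_edit.php descr=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
]

SAMPLE_CONFIG = """<haproxy>
  <ha_backends>
    <item><name>web</name><desc>Public web frontend</desc></item>
    <item><name>api</name><desc>&quot;&gt;&lt;script&gt;alert(&quot;test&quot;)&lt;/script&gt;</desc></item>
  </ha_backends>
</haproxy>"""

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print("request:", finding)
    for name, desc in scan_listener_config(SAMPLE_CONFIG):
        print("stored listener:", name, repr(desc))
```

The request scan flags only the two affected scripts and only the two named parameter families, so a script tag in an unrelated page's description (the firewall_rules_edit.php record) is ignored rather than producing a generic XSS alert; the config scan is what catches a payload that was stored before monitoring began.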

CVSS provenance

NVD v3.0: 6.1 MEDIUM  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD v2.0: 4.3 MEDIUM  AV:N/AC:M/Au:N/C:N/I:P/A:N