Home > Vulnerability Database > CVE-2019-8953

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2019-8953

Good to know:

Date: February 20, 2019

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

Language: PHP

Severity Score

7.8

Related Resources (7)

Url: https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c

Url: https://cxsecurity.com/issue/WLB-2019020153

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-8953

Url: https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5

Url: https://redmine.pfsense.org/issues/9335

Url: https://www.exploit-db.com/exploits/46538/

Url: https://www.mend.io/vulnerability-database/CVE-2019-8953

Severity Score

7.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v2.4.4_3

CVSS v3

Base Score:	7.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE

CVSS v2

Base Score:	9.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Do you need more information?

Contact Us