{"id":"CVE-2019-8953","details":"The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.","modified":"2026-03-14T14:34:17.250835Z","published":"2019-02-20T16:29:00.900Z","references":[{"type":"FIX","url":"https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c"},{"type":"FIX","url":"https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5"},{"type":"FIX","url":"https://redmine.pfsense.org/issues/9335"},{"type":"EVIDENCE","url":"https://cxsecurity.com/issue/WLB-2019020153"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46538/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pfsense/freebsd-ports","events":[{"introduced":"0"},{"fixed":"2dded47b3202dfdf89aa96f84bf701b3d5acbe6c"}]},{"type":"GIT","repo":"https://github.com/pfsense/freebsd-ports","events":[{"introduced":"0"},{"fixed":"3b40366aca55910b224ecf49d3fdacc9ad6c04f5"}]},{"type":"GIT","repo":"https://github.com/pfsense/freebsd-ports","events":[{"introduced":"0"},{"fixed":"2dded47b3202dfdf89aa96f84bf701b3d5acbe6c"}]},{"type":"GIT","repo":"https://github.com/pfsense/freebsd-ports","events":[{"introduced":"0"},{"fixed":"3b40366aca55910b224ecf49d3fdacc9ad6c04f5"}]}],"versions":["END-OF-2015Q4","devel_before_hashes_changed","v2.4.4","v2.4.4_1","v2.4.4_2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.59_16"}]},{"events":[{"introduced":"0"},{"fixed":"0.59_16"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8953.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}