{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.59_16" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "0.59_16" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2dded47b3202dfdf89aa96f84bf701b3d5acbe6c" } ], "repo": "https://github.com/pfsense/freebsd-ports", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "3b40366aca55910b224ecf49d3fdacc9ad6c04f5" } ], "repo": "https://github.com/pfsense/freebsd-ports", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "2dded47b3202dfdf89aa96f84bf701b3d5acbe6c" } ], "repo": "https://github.com/pfsense/freebsd-ports", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "3b40366aca55910b224ecf49d3fdacc9ad6c04f5" } ], "repo": "https://github.com/pfsense/freebsd-ports", "type": "GIT" } ] } ], "details": "The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.", "id": "CVE-2019-8953", "modified": "2026-03-14T13:49:06.587984790Z", "published": "2019-02-20T16:29:00.900Z", "references": [ { "type": "FIX", "url": "https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c" }, { "type": "FIX", "url": "https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5" }, { "type": "FIX", "url": "https://redmine.pfsense.org/issues/9335" }, { "type": "EVIDENCE", "url": "https://cxsecurity.com/issue/WLB-2019020153" }, { "type": "EVIDENCE", "url": "https://www.exploit-db.com/exploits/46538/" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }