CVE-2019-8953 – pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-8953

20 Feb 2019 — The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. El paquete HAProxy, en versiones anteriores a la 0.59_16 para pfSense, tiene Cross-Site Scripting (XSS) mediante los parámetros desc (también conocido como Description) o table_actionsaclN, relacionados con haproxy_listeners.php y haproxy_listeners_edit.php. pfSense version 2.4.4-p1 with HAProxy Package version 0.59_14 suffers ... • https://packetstorm.news/files/id/152075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •