CVE-2019-8953

Name: CVE-2019-8953
Creator: NVD / NIST
Published: 2019-02-20T16:29:00.9+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 52.24%

Last modified Jun 17, 2026

CVE-2019-8953 is a vulnerability of currently unknown severity. The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.. EPSS estimates a 52.24% chance of exploitation in the next 30 days.

Description

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

Metrics

EPSS Probability

52.24%

98.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Netgate	Haproxy	< 0.59_16

References

https://cxsecurity.com/issue/WLB-2019020153Exploit, Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6cPatch, Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5Patch, Third Party Advisory
https://redmine.pfsense.org/issues/9335Patch, Third Party Advisory
https://www.exploit-db.com/exploits/46538/Exploit, Third Party Advisory, VDB Entry
https://cxsecurity.com/issue/WLB-2019020153Exploit, Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6cPatch, Third Party Advisory
https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5Patch, Third Party Advisory
https://redmine.pfsense.org/issues/9335Patch, Third Party Advisory
https://www.exploit-db.com/exploits/46538/Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Feb 20, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-8953?

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

How severe is CVE-2019-8953?

Severity scoring for CVE-2019-8953 is pending analysis. The EPSS model estimates a 52.24% probability of exploitation in the next 30 days.

How do I fix CVE-2019-8953?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-8953?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST